package dk.gov.oio.saml.service;

import dk.gov.oio.saml.config.Configuration;
import dk.gov.oio.saml.util.ExternalException;
import dk.gov.oio.saml.util.InternalException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.i18n.filter.UntrustedUrlInput;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dk/gov/oio/saml/service/CRLChecker.class */
public class CRLChecker {
    private static final Logger log = LoggerFactory.getLogger(CRLChecker.class);
    private static final String AUTH_INFO_ACCESS = Extension.authorityInfoAccess.getId();
    private static Map<String, X509Certificate> certificateMap = new HashMap();

    public static Set<X509Certificate> checkCertificates(List<X509Certificate> list, DateTime dateTime) throws ExternalException, InternalException, InitializationException {
        HashSet hashSet = new HashSet();
        if (list == null || list.size() == 0) {
            return hashSet;
        }
        for (X509Certificate x509Certificate : list) {
            if (checkCertificate(x509Certificate)) {
                hashSet.add(x509Certificate);
                log.debug("Certificate validated successfully: {}", x509Certificate.getSubjectDN());
            } else {
                log.error("Certificate did not validate: {}", x509Certificate.getSubjectDN());
            }
        }
        return hashSet;
    }

    private static boolean checkCertificate(X509Certificate x509Certificate) {
        boolean z = false;
        Configuration config = OIOSAML3Service.getConfig();
        if (config.isOcspCheckEnabled()) {
            try {
                z = doOCSPCheck(x509Certificate);
            } catch (Exception e) {
                log.warn("Unexpected error while validating certificate using OCSP.", e);
                if (config.isCRLCheckEnabled()) {
                    try {
                        z = doCRLCheck(x509Certificate);
                    } catch (Exception e2) {
                        log.warn("Unexpected error while validating certificate using CRL.", e2);
                    }
                }
            }
        } else if (config.isCRLCheckEnabled()) {
            try {
                z = doCRLCheck(x509Certificate);
            } catch (Exception e3) {
                log.warn("Unexpected error while validating certificate using CRL.", e3);
            }
        } else {
            log.warn("checkCertificate called, but both OCSP and CRL checking is disabled");
            z = true;
        }
        return z;
    }

    private static boolean doOCSPCheck(X509Certificate x509Certificate) throws CertificateException, CertPathValidatorException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        boolean z;
        log.debug("Starting OCSP validation of certificate {}", x509Certificate.getSubjectDN());
        String oCSPUrl = getOCSPUrl(x509Certificate);
        if (oCSPUrl == null) {
            throw new RuntimeException("No OCSP access location could be found");
        }
        X509Certificate issuingCertificate = getIssuingCertificate(x509Certificate);
        if (issuingCertificate == null) {
            throw new RuntimeException("CA Certificate for OCSP check could not be retrieved!");
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(arrayList);
        Security.setProperty("ocsp.enable", "true");
        Security.setProperty("ocsp.responderURL", oCSPUrl);
        try {
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(issuingCertificate, null)));
            pKIXParameters.setRevocationEnabled(true);
            CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
            log.debug("Certificate successfully validated during OCSP check.");
            z = false;
        } catch (CertPathValidatorException e) {
            if (e.getMessage() == null || !e.getMessage().contains("Certificate has been revoked")) {
                log.error("Validation failure, cert[{}] : {}", Integer.valueOf(e.getIndex()), e.getMessage());
                throw e;
            }
            z = true;
            log.info("Certificate revoked, cert[{}] : {}", Integer.valueOf(e.getIndex()), e.getMessage());
        }
        return !z;
    }

    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x00d5: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:59:0x00d5 */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x00d9: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:61:0x00d9 */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.bouncycastle.asn1.ASN1InputStream] */
    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
    private static X509Certificate getIssuingCertificate(X509Certificate x509Certificate) {
        log.debug("Attempting to extract issuing ca certifcate from certificate {}", x509Certificate.getSubjectDN());
        AuthorityInformationAccess authorityInformationAccess = null;
        try {
            try {
                ASN1InputStream aSN1InputStream = new ASN1InputStream(x509Certificate.getExtensionValue(AUTH_INFO_ACCESS));
                Throwable th = null;
                ASN1InputStream aSN1InputStream2 = new ASN1InputStream(aSN1InputStream.readObject().getOctets());
                Throwable th2 = null;
                try {
                    try {
                        ASN1Primitive readObject = aSN1InputStream2.readObject();
                        if (readObject != null) {
                            authorityInformationAccess = AuthorityInformationAccess.getInstance(readObject);
                        }
                        if (aSN1InputStream2 != null) {
                            if (0 != 0) {
                                try {
                                    aSN1InputStream2.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                aSN1InputStream2.close();
                            }
                        }
                        if (aSN1InputStream != null) {
                            if (0 != 0) {
                                try {
                                    aSN1InputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                aSN1InputStream.close();
                            }
                        }
                        Iterator<String> it = getIssuingCAUrls(authorityInformationAccess).iterator();
                        if (it.hasNext()) {
                            return downloadCertificate(new UntrustedUrlInput(it.next()).toString());
                        }
                        return null;
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (aSN1InputStream2 != null) {
                        if (th2 != null) {
                            try {
                                aSN1InputStream2.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            aSN1InputStream2.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Exception e) {
            log.debug("Cannot extract access location of issuing ca.", e);
            return null;
        }
    }

    private static X509Certificate downloadCertificate(String str) {
        InputStream openStream;
        Throwable th;
        X509Certificate x509Certificate;
        if (certificateMap.containsKey(str)) {
            return certificateMap.get(str);
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                openStream = new URL(str).openStream();
                th = null;
                try {
                    x509Certificate = (X509Certificate) certificateFactory.generateCertificate(openStream);
                } catch (Throwable th2) {
                    if (openStream != null) {
                        if (0 != 0) {
                            try {
                                openStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            openStream.close();
                        }
                    }
                    throw th2;
                }
            } catch (IOException e) {
                log.warn("Failed to download intermediate CA certificate from {}", str);
            }
            if (x509Certificate != null) {
                certificateMap.put(str, x509Certificate);
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        openStream.close();
                    }
                }
                return x509Certificate;
            }
            log.warn("Failed to parse certificate from {}", str);
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    openStream.close();
                }
            }
            return null;
        } catch (CertificateException e2) {
            log.warn("Failed to generate certificate factory", e2);
            return null;
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x00d5: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:59:0x00d5 */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x00d9: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:61:0x00d9 */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.bouncycastle.asn1.ASN1InputStream] */
    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
    private static String getOCSPUrl(X509Certificate x509Certificate) {
        log.debug("Attempting to extract OCSP location from certificate {}", x509Certificate.getSubjectDN());
        AuthorityInformationAccess authorityInformationAccess = null;
        try {
            try {
                ASN1InputStream aSN1InputStream = new ASN1InputStream(x509Certificate.getExtensionValue(AUTH_INFO_ACCESS));
                Throwable th = null;
                ASN1InputStream aSN1InputStream2 = new ASN1InputStream(aSN1InputStream.readObject().getOctets());
                Throwable th2 = null;
                try {
                    try {
                        ASN1Primitive readObject = aSN1InputStream2.readObject();
                        if (readObject != null) {
                            authorityInformationAccess = AuthorityInformationAccess.getInstance(readObject);
                        }
                        if (aSN1InputStream2 != null) {
                            if (0 != 0) {
                                try {
                                    aSN1InputStream2.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                aSN1InputStream2.close();
                            }
                        }
                        if (aSN1InputStream != null) {
                            if (0 != 0) {
                                try {
                                    aSN1InputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                aSN1InputStream.close();
                            }
                        }
                        Iterator<String> it = getOCSPUrls(authorityInformationAccess).iterator();
                        if (it.hasNext()) {
                            return new UntrustedUrlInput(it.next()).toString();
                        }
                        return null;
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (aSN1InputStream2 != null) {
                        if (th2 != null) {
                            try {
                                aSN1InputStream2.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            aSN1InputStream2.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Exception e) {
            log.debug("Cannot extract access location of OCSP responder.", e);
            return null;
        }
    }

    private static List<String> getIssuingCAUrls(AuthorityInformationAccess authorityInformationAccess) {
        ArrayList arrayList = new ArrayList();
        if (authorityInformationAccess != null) {
            AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
            for (int i = 0; i < accessDescriptions.length; i++) {
                if (accessDescriptions[i].getAccessMethod().equals(AccessDescription.id_ad_caIssuers)) {
                    GeneralName accessLocation = accessDescriptions[i].getAccessLocation();
                    if (accessLocation.getTagNo() == 6) {
                        arrayList.add(accessLocation.getName().getString());
                    }
                }
            }
        }
        return arrayList;
    }

    private static List<String> getOCSPUrls(AuthorityInformationAccess authorityInformationAccess) {
        ArrayList arrayList = new ArrayList();
        if (authorityInformationAccess != null) {
            AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
            for (int i = 0; i < accessDescriptions.length; i++) {
                if (accessDescriptions[i].getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                    GeneralName accessLocation = accessDescriptions[i].getAccessLocation();
                    if (accessLocation.getTagNo() == 6) {
                        arrayList.add(accessLocation.getName().getString());
                    }
                }
            }
        }
        return arrayList;
    }

    private static boolean doCRLCheck(X509Certificate x509Certificate) throws IOException, CertificateException, CRLException, InitializationException {
        boolean z;
        String cRLUrl = getCRLUrl(x509Certificate);
        if (cRLUrl == null) {
            throw new RuntimeException("No CRL url could be found");
        }
        InputStream openStream = new URL(cRLUrl).openStream();
        Throwable th = null;
        try {
            try {
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(openStream);
                log.debug("CRL for {}: {}", cRLUrl, x509crl);
                if (x509crl.getRevokedCertificate(x509Certificate.getSerialNumber()) != null) {
                    log.warn("Certificate found in revocation list " + x509Certificate.getSubjectDN());
                    z = true;
                } else {
                    z = false;
                }
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openStream.close();
                    }
                }
                return !z;
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (openStream != null) {
                if (th != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th4;
        }
    }

    private static String getCRLUrl(X509Certificate x509Certificate) throws IOException {
        log.debug("Attempting to extract distribution point from certificate {}", x509Certificate.getSubjectDN());
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue == null) {
            return null;
        }
        for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getDistributionPoints()) {
            if (distributionPoint.getDistributionPoint() != null && (distributionPoint.getDistributionPoint().getName() instanceof GeneralNames)) {
                for (GeneralName generalName : distributionPoint.getDistributionPoint().getName().getNames()) {
                    if (generalName.getName() instanceof DERIA5String) {
                        return generalName.getName().getString();
                    }
                }
            }
        }
        return null;
    }
}
