package org.bouncycastle.jce.provider.test;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.internal.asn1.misc.NetscapeCertType;
import org.bouncycastle.internal.asn1.misc.NetscapeRevocationURL;
import org.bouncycastle.internal.asn1.misc.VerisignCzagExtension;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tls.test.TlsTestConfig;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Properties;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;

/* loaded from: input_file:org/bouncycastle/jce/provider/test/CertPathValidatorTest.class */
public class CertPathValidatorTest extends SimpleTest {
    private byte[] AC_PR = Base64.decode("LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFU1RDQ0F6R2dBd0lCQWdJQkJUQU5CZ2txaGtpRzl3MEJBUVVGQURDQnRERUxNQWtHQTFVRUJoTUNRbEl4DQpFekFSQmdOVkJBb1RDa2xEVUMxQ2NtRnphV3d4UFRBN0JnTlZCQXNUTkVsdWMzUnBkSFYwYnlCT1lXTnBiMjVoDQpiQ0JrWlNCVVpXTnViMnh2WjJsaElHUmhJRWx1Wm05eWJXRmpZVzhnTFNCSlZFa3hFVEFQQmdOVkJBY1RDRUp5DQpZWE5wYkdsaE1Rc3dDUVlEVlFRSUV3SkVSakV4TUM4R0ExVUVBeE1vUVhWMGIzSnBaR0ZrWlNCRFpYSjBhV1pwDQpZMkZrYjNKaElGSmhhWG9nUW5KaGMybHNaV2x5WVRBZUZ3MHdNakEwTURReE9UTTVNREJhRncwd05UQTBNRFF5DQpNelU1TURCYU1HRXhDekFKQmdOVkJBWVRBa0pTTVJNd0VRWURWUVFLRXdwSlExQXRRbkpoYzJsc01UMHdPd1lEDQpWUVFERXpSQmRYUnZjbWxrWVdSbElFTmxjblJwWm1sallXUnZjbUVnWkdFZ1VISmxjMmxrWlc1amFXRWdaR0VnDQpVbVZ3ZFdKc2FXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXMwc0t5NGsrDQp6b016aldyMTQxeTVYQ045UGJMZERFQXN2cjZ4Z0NCN1l5bEhIQ1NBYmpGR3dOQ0R5NlVxN1h0VjZ6UHdIMXpGDQpFWENlS3JmUUl5YXBXSEZ4V1VKajBMblFrY1RZM1FOR1huK0JuVk9EVTZDV3M1c3NoZktHRXZyVlQ1Z214V1NmDQp4OFlsdDgzY1dwUE1QZzg3VDlCaHVIbHQzazh2M2EvNmRPbmF2dytOYTAyZExBaDBlNzZqcCtQUS9LK0pHZlBuDQphQjVVWURrZkd0em5uTTNBV01tY3VJK0o0ek5OMDZaa3ZnbDFsdEo2UU1qcnZEUFlSak9ndDlTcklpY1NmbEo4DQptVDdHWGRRaXJnQUNXc3g1QURBSklRK253TU1vNHlyTUtxSlFhNFFDMHhhT0QvdkdVcG9SaDQzT0FTZFp3c3YvDQpPWFlybmVJeVAwVCs4UUlEQVFBQm80RzNNSUcwTUQwR0ExVWRId1EyTURRd01xQXdvQzZHTEdoMGRIQTZMeTloDQpZM0poYVhvdWFXTndZbkpoYzJsc0xtZHZkaTVpY2k5TVExSmhZM0poYVhvdVkzSnNNQklHQTFVZElBUUxNQWt3DQpCd1lGWUV3QkFRRXdIUVlEVlIwT0JCWUVGREpUVFlKNE9TWVB5T09KZkVMZXhDaHppK2hiTUI4R0ExVWRJd1FZDQpNQmFBRklyNjhWZUVFUk0xa0VMNlYwbFVhUTJreFBBM01BNEdBMVVkRHdFQi93UUVBd0lCQmpBUEJnTlZIUk1CDQpBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQlFVQUE0SUJBUUJRUFNoZ1lidnFjaWV2SDVVb3ZMeXhkbkYrDQpFcjlOeXF1SWNkMnZ3Y0N1SnpKMkQ3WDBUcWhHQ0JmUEpVVkdBVWorS0NPSDFCVkgva1l1OUhsVHB1MGtKWFBwDQpBQlZkb2hJUERqRHhkbjhXcFFSL0YrejFDaWtVcldIMDR4eTd1N1p6UUpLSlBuR0loY1FpOElyRm1PYkllMEc3DQpYWTZPTjdPRUZxY21KTFFHWWdtRzFXMklXcytQd1JwWTdENGhLVEFoVjFSNkVvamE1L3BPcmVDL09kZXlQWmVxDQo1SUZTOUZZZk02U0Npd2hrK3l2Q1FHbVo0YzE5SjM0ZjVFYkRrK1NQR2tEK25EQ0E3L3VMUWNUMlJURE14SzBaDQpuZlo2Nm1Sc0ZjcXRGaWdScjVFcmtKZDdoUVV6eHNOV0VrNzJEVUFIcVgvNlNjeWttSkR2V0plSUpqZlcNCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg==");
    private byte[] AC_RAIZ_ICPBRASIL = Base64.decode("LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFdURDQ0E2Q2dBd0lCQWdJQkJEQU5CZ2txaGtpRzl3MEJBUVVGQURDQnRERUxNQWtHQTFVRUJoTUNRbEl4DQpFekFSQmdOVkJBb1RDa2xEVUMxQ2NtRnphV3d4UFRBN0JnTlZCQXNUTkVsdWMzUnBkSFYwYnlCT1lXTnBiMjVoDQpiQ0JrWlNCVVpXTnViMnh2WjJsaElHUmhJRWx1Wm05eWJXRmpZVzhnTFNCSlZFa3hFVEFQQmdOVkJBY1RDRUp5DQpZWE5wYkdsaE1Rc3dDUVlEVlFRSUV3SkVSakV4TUM4R0ExVUVBeE1vUVhWMGIzSnBaR0ZrWlNCRFpYSjBhV1pwDQpZMkZrYjNKaElGSmhhWG9nUW5KaGMybHNaV2x5WVRBZUZ3MHdNVEV4TXpBeE1qVTRNREJhRncweE1URXhNekF5DQpNelU1TURCYU1JRzBNUXN3Q1FZRFZRUUdFd0pDVWpFVE1CRUdBMVVFQ2hNS1NVTlFMVUp5WVhOcGJERTlNRHNHDQpBMVVFQ3hNMFNXNXpkR2wwZFhSdklFNWhZMmx2Ym1Gc0lHUmxJRlJsWTI1dmJHOW5hV0VnWkdFZ1NXNW1iM0p0DQpZV05oYnlBdElFbFVTVEVSTUE4R0ExVUVCeE1JUW5KaGMybHNhV0V4Q3pBSkJnTlZCQWdUQWtSR01URXdMd1lEDQpWUVFERXloQmRYUnZjbWxrWVdSbElFTmxjblJwWm1sallXUnZjbUVnVW1GcGVpQkNjbUZ6YVd4bGFYSmhNSUlCDQpJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBd1BNdWR3WC9odm0rVWgyYi9sUUFjSFZBDQppc2FtYUxrV2Rrd1A5L1MvdE9LSWdSckw2T3krWklHbE9VZGQ2dVl0azlNYS8zcFVwZ2NmTkFqMHZZbTVnc3lqDQpRbzllbXNjK3g2bTRWV3drOWlxTVpTQ0s1RVFrQXEvVXQ0bjdLdUxFMStnZGZ0d2RJZ3hmVXNQdDRDeU5yWTUwDQpRVjU3S00yVVQ4eDVycm16RWpyN1RJQ0dwU1VBbDJnVnFlNnhhaWkrYm1ZUjFRcm1XYUJTQUc1OUxya3Jqcll0DQpiUmhGYm9VRGUxREsrNlQ4czVMNms4Yzhva3BiSHBhOXZlTXp0RFZDOXNQSjYwTVdYaDZhblZLbzFVY0xjYlVSDQp5RWVOdlpuZVZSS0FBVTZvdXdkakR2d2xzYUt5ZEZLd2VkMFRvUTQ3Ym1VS2djbSt3VjNlVFJrMzZVT25Ud0lEDQpBUUFCbzRIU01JSFBNRTRHQTFVZElBUkhNRVV3UXdZRllFd0JBUUF3T2pBNEJnZ3JCZ0VGQlFjQ0FSWXNhSFIwDQpjRG92TDJGamNtRnBlaTVwWTNCaWNtRnphV3d1WjI5MkxtSnlMMFJRUTJGamNtRnBlaTV3WkdZd1BRWURWUjBmDQpCRFl3TkRBeW9EQ2dMb1lzYUhSMGNEb3ZMMkZqY21GcGVpNXBZM0JpY21GemFXd3VaMjkyTG1KeUwweERVbUZqDQpjbUZwZWk1amNtd3dIUVlEVlIwT0JCWUVGSXI2OFZlRUVSTTFrRUw2VjBsVWFRMmt4UEEzTUE4R0ExVWRFd0VCDQovd1FGTUFNQkFmOHdEZ1lEVlIwUEFRSC9CQVFEQWdFR01BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFRQVpBNWMxDQpVL2hnSWg2T2NnTEFmaUpnRldwdm1EWldxbFYzMC9iSEZwajhpQm9iSlNtNXVEcHQ3VGlyWWgxVXhlM2ZRYUdsDQpZakplKzl6ZCtpelBSYkJxWFBWUUEzNEVYY3drNHFwV3VmMWhIcmlXZmRyeDhBY3FTcXI2Q3VRRndTcjc1Rm9zDQpTemx3REFEYTcwbVQ3d1pqQW1RaG5aeDJ4SjZ3ZldsVDlWUWZTLy9KWWVJYzdGdWUySk5MZDAwVU9TTU1haUsvDQp0NzllbktOSEVBMmZ1cEgzdkVpZ2Y1RWg0YlZBTjVWb2hyVG02TVk1M3g3WFFaWnIxTUU3YTU1bEZFblNlVDB1DQptbE9BalIybUFidlNNNVg1b1NaTnJtZXRkenlUajJmbENNOENDN01MYWIwa2tkbmdSSWxVQkdIRjEvUzVubVBiDQpLKzlBNDZzZDMzb3FLOG44DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=");
    private byte[] schefer = Base64.decode("MIIEnDCCBAWgAwIBAgICIPAwDQYJKoZIhvcNAQEEBQAwgcAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIRVNTRU4xGDAWBgNVBAcTDzY1MDA4IFdpZXNiYWRlbjEaMBgGA1UEChMRU0NIVUZBIEhPTERJTkcgQUcxGjAYBgNVBAsTEVNDSFVGQSBIT0xESU5HIEFHMSIwIAYDVQQDExlJbnRlcm5ldCBCZW51dHplciBTZXJ2aWNlMSowKAYJKoZIhvcNAQkBFht6ZXJ0aWZpa2F0QHNjaHVmYS1vbmxpbmUuZGUwHhcNMDQwMzMwMTEwODAzWhcNMDUwMzMwMTEwODAzWjCBnTELMAkGA1UEBhMCREUxCjAIBgNVBAcTASAxIzAhBgNVBAoTGlNIUyBJbmZvcm1hdGlvbnNzeXN0ZW1lIEFHMRwwGgYDVQQLExM2MDAvMDU5NDktNjAwLzA1OTQ5MRgwFgYDVQQDEw9TY2hldHRlciBTdGVmYW4xJTAjBgkqhkiG9w0BCQEWFlN0ZWZhbi5TY2hldHRlckBzaHMuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJD095Bi76fkAMjJNTGPDiLPHmZXNsmakngDeS0juzKMeJA+TjXFouhYh6QyE4BlNf18fT4mInlgLefwf4t6meIWbiseeTo7VQdM+YrbXERMx2uHsRcgZMsiMYHMkVfYMK3SMJ4nhCmZxrBkoTRed4gXzVA1AA8YjjTqMyyjvt4TAgMBAAGjggHEMIIBwDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIEsDALBgNVHQ8EBAMCBNAwOQYJYIZIAYb4QgENBCwWKlplcnRpZmlrYXQgbnVyIGZ1ZXIgU0NIVUZBLU9ubGluZSBndWVsdGlnLjAdBgNVHQ4EFgQUXReirhBfg0Yhf6MsBWoo/nPahGwwge0GA1UdIwSB5TCB4oAUf2UyCaBV9JUeG9lS1Yo6OFBUdEKhgcakgcMwgcAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIRVNTRU4xGDAWBgNVBAcTDzY1MDA4IFdpZXNiYWRlbjEaMBgGA1UEChMRU0NIVUZBIEhPTERJTkcgQUcxGjAYBgNVBAsTEVNDSFVGQSBIT0xESU5HIEFHMSIwIAYDVQQDExlJbnRlcm5ldCBCZW51dHplciBTZXJ2aWNlMSowKAYJKoZIhvcNAQkBFht6ZXJ0aWZpa2F0QHNjaHVmYS1vbmxpbmUuZGWCAQAwIQYDVR0RBBowGIEWU3RlZmFuLlNjaGV0dGVyQHNocy5kZTAmBgNVHRIEHzAdgRt6ZXJ0aWZpa2F0QHNjaHVmYS1vbmxpbmUuZGUwDQYJKoZIhvcNAQEEBQADgYEAWzZtN9XQ9uyrFXqSy3hViYwV751+XZr0YH5IFhIS+9ixNAu8orP3bxqTaMhpwoU7T/oSsyGGSkb3fhzclgUADbA2lrOIGkeB/m+FArTwRbwpqhCNTwZywOp0eDosgPjCX1t53BB/m/2EYkRiYdDGsot0kQPOVGSjQSQ4+/D+TM8=");
    private static final byte[] circCA = Base64.decode("MIIDTzCCAjegAwIBAgIDARAAMA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNVBAYTAkZSMRAwDgYDVQQKEwdHSVAtQ1BTMRgwFgYDVQQLEw9HSVAtQ1BTIEFOT05ZTUUwHhcNMDQxMDExMDAwMDAxWhcNMTQxMjMxMjM1OTU5WjA5MQswCQYDVQQGEwJGUjEQMA4GA1UEChMHR0lQLUNQUzEYMBYGA1UECxMPR0lQLUNQUyBBTk9OWU1FMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WyWDwcM58aUhPX4ueI1mwETt3WdQtMfIdRiCXeBrjCkYCc7nIgCmGbnfTzXSplHRgKColWhq/Z+1rHYayje1gjAEU2+4/r1P2pnBmPgquDuguktCIbDtCcGZu0ylyKeHh37aeIKzkcmRSLRzvGf/eO3RdFksrvaPaSjqCVfGRXVDKK2uftE8rIFJE+bCqow6+WiaAaDDiJaSJPuu5hC1NA5jw0/BFodlCuAvl1GJ8A+TICkYWcSpKS9bkSC0i8xdGbSSk94shA1PdDvRdFMfFys8g4aupBXV8yqqEAUkBYmOtZSJckc3W4y2Gx53y7vY07Xh63mcgtJs2T82WJICwIDAQABo2AwXjAdBgNVHQ4EFgQU8c/PNNJaL0srd9SwHwgtvwPB/3cwDgYDVR0PAQH/BAQDAgIEMBkGA1UdIAQSMBAwDgYMKoF6AUcDBwgAAAABMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQEFBQADggEBAHRjYDPJKlfUzID0YzajZpgR/i2ngJrJqYeaWCmwzBgNUPaduBKSGHmPVg21sfULMSnirnR+e90i/D0EVzLwQzcbjPDD/85rp9QDCeMxqqPe9ZCHGs2BpE/HOQMP0QfQ3/Kpk7SvOH/ZcpIf6+uE6lLBQYAGs5cxvtTGOzZkjCVFG+TrAnF4V5sNkn3maCWiYLmyqcnxtKEFSONy2bYqqudx/dBBlRrDbRfZ9XsCBdiXAHY1hFHldbfDs8rslmkXJi3fJC028HZYB6oiBX/JE7BbMk7bRnUfHSpP7Sjxeso2SY7Yit+hQDVAlqTDGmh6kLt/hQMpsOMry4vgBL6XHKw=");
    private static final byte[] circCRLCA = Base64.decode("MIIDXDCCAkSgAwIBAgIDASAAMA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNVBAYTAkZSMRAwDgYDVQQKEwdHSVAtQ1BTMRgwFgYDVQQLEw9HSVAtQ1BTIEFOT05ZTUUwHhcNMDQxMDExMDAwMDAxWhcNMTQxMjMxMjM1OTU5WjA5MQswCQYDVQQGEwJGUjEQMA4GA1UEChMHR0lQLUNQUzEYMBYGA1UECxMPR0lQLUNQUyBBTk9OWU1FMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfEcFK0g7Kfoo5f2IBF7VEd/AG+RVGSds0Yg+u2kNYu4k04HR/+tOdBQtJvyr4W5jrQKsC5XskeFWMyWaFKzAjZDWB52HWp/kiMivGcxnYDuYf5piukSC+d2+vL8YaAphDzVHPnxEKqoM/J66uUussDTqfcL3JC/Bc7kBwn4srrsZOsamMWTQQtEqVQxNN7AROSRsdiTt3hMOKditc9/NBNmjZWxgc7Twr/SaZ8CfN5wf2wuOl23knWL0QsJ0lSMBSBTzTcfAke4/jIT7d4nVMp3t7dsna8rt56pFK4wpRFGuCt+1P5gi51xxVSdI+JoNXv6zGO4o8YVaRpC5rQeGQIDAQABo20wazAfBgNVHSMEGDAWgBTxz8800lovSyt31LAfCC2/A8H/dzAdBgNVHQ4EFgQUGa3SbBrJx/wa2MQwhWPldwLw1+IwDgYDVR0PAQH/BAQDAgECMBkGA1UdIAQSMBAwDgYMKoF6AUcDBwgAAAABMA0GCSqGSIb3DQEBBQUAA4IBAQAPDpYe2WPYnXTLsXSIUREBNMLmg+/74Yhq9uOm5Hb5LVkDuHoEHGfmpXXEvucx5Ehu69hw+F4YSrd9wPjOiG8G6GXiRcrK8nE8XDvvV+E1HpJ7NKN4fSAoSb+0gliiq3aF15bvXP8nfespdd/x1xWQmpYCx/mJeuqONQv2/D/7hfRKYoDBaAkWGodenPFPVs6FxwnEuH2R+KWCUdA9L04v8JBeL3kZiALkU7+DCCm7A0imUAgeeArbAbfIPu6eDygm+XndZ9qi7o4OAntPxrqbeXFIbDrQ4GV1kpxnW+XpSGDd96SWKe715gxkkDBppR5IKYJwRb6O1TRQIf2F+muQ");
    private static final byte[] circCRL = Base64.decode("MIIB1DCBvQIBATANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGUjEQMA4GA1UEChMHR0lQLUNQUzEYMBYGA1UECxMPR0lQLUNQUyBBTk9OWU1FFw0xMDAxMDcwMzAwMTVaFw0xMDAxMTMwMzAwMTVaMACgTjBMMB8GA1UdIwQYMBaAFBmt0mwaycf8GtjEMIVj5XcC8NfiMAsGA1UdFAQEAgILgzAcBgNVHRIEFTATgRFhYy1naXBAZ2lwLWNwcy5mcjANBgkqhkiG9w0BAQUFAAOCAQEAtF1DdFl1MQvfvNkbrCPuppNYcHen4+za/ZDepKuwHsH/OpKuaDJc4LndRgd5IwzfpCHkQGztshK50bakN8oaYJgthKIOIJzR+fn6NMjftfR2a27Hdk2o3eQXRHQ360qMbpSyqPb3WfuBhxO2/DlLChJP+OxZIHtT/rNYgE0tlIv7swYi81Gq+DafzaZ9+A5tI0L2Gp/NUDsp5dF6PllAGiXQzl27qkcu+r50w+u0gul3nobXgbwPcMSYuWUz1lhA+uDn/EUWV4RSiJciCGSS10WCkFh1/YPo++mV15KDB0m+8chscrSu/bAlB19LxL/pCX3qr5iLE9ss3olVImyFZg==");
    private static byte[] crlFake = Base64.decode("MIIBzTCBtgIBATANBgkqhkiG9w0BAQsFADAiMQswCQYDVQQGEwJYWDETMBEGA1UECgwKQ1JMcyAnciBVcxcNMjQwMzI1MTg0NzAwWhcNMjQwNDAxMTg0NzAwWqBgMF4wCgYDVR0UBAMCAQEwHwYDVR0jBBgwFoAU/NE0t8uklbG2WeoLBWIe6JqPtDowLwYDVR0cAQH/BCUwI6AeoByGGmh0dHA6Ly9mb28uZXhhbXBsZS9jcmwuZGxshAH/MA0GCSqGSIb3DQEBCwUAA4IBAQAN8oDSvWsg3JvUJ4MkXvczaFb72VH0J/VL5PV2cBSmMfaVBKnUsNr1IcxT06KF8gNrDTpKqJ9fetO290swZfcPt9sEVUBVQUpdlQc3tya1jYWmFkA3tkpqH5rBCQa3CBm1Cg8cbFBtwWgWr70NsVvfD6etjAEP9Ze+MSXnGV0pw9EeOV07HnSD/PGQwqCiaSn5DdIDVoH8eFSGmgNLw+b4SwUjmz8PqsZwvHxJvleV1D8cj7zdR4ywgRMjEfJZ8Bp+Tdu64Gv0doDS0iEJIshLHYkcW1okpq/tPm8kKAbDreparePNQwhScVcDiSL73eEBIPokgG3QhohiucP5MeF1");
    private static byte[] crlIssuer = Base64.decode("MIIDMzCCAhugAwIBAgIUPOARSBZTC4SU8f/RrhdPXfZVh9EwDQYJKoZIhvcNAQEL\nBQAwIzELMAkGA1UEBhMCWFgxFDASBgNVBAoMC0NlcnRzICdyIFVzMB4XDTI0MDMy\nNTE4NDcwMFoXDTI1MDMyNTE4NDcwMFowIjELMAkGA1UEBhMCWFgxEzARBgNVBAoM\nCkNSTHMgJ3IgVXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCleY8S\ngEwPfvfUcIuix5dC7MgFudzaJROINa3u7cW0Rh+mivfepuGl9I683qinDebmE1Sq\nbVyHDi4RqpM+BCQ0EnW6idriL+13BqNU4QRd68gwF4eNXw9rtmixVGvcvcUngNnz\nXPrJyWqarjFQ8ECH09I9q/Fv3OAWPmTbzAgWdXV7cx/pCHFNEU3qSWeXkbumKV5l\nDqTs/J82/n5HZfRjUVIMbf4X6/9wA9BQX8aYbUMng49M5GVd/bg3RXGBLF4lXIUd\nIPpGYrKT2V+EFq9yKqbnXawTXKw7mBNoIbaN950f1VMdf8czsPNxdeCHJzNtQV70\naOqa2hLzxAxzAz7DAgMBAAGjYDBeMB0GA1UdDgQWBBRdiKBrVfofgq1XL7AZu3Wk\nt83qzjAfBgNVHSMEGDAWgBS04fYwVDNa70uNyIJtV75OHwEHmTAMBgNVHRMBAf8E\nAjAAMA4GA1UdDwEB/wQEAwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAF5XrOXxVfCFb\nS5EXxpAk8iXMAOfcfYiWEUT9DdJ3ABeAFnhbiLdlKq8J3BGr1Iiveo2pE9fKz9s/\n2tZjzbe9Kfg05mfyn9DS5AoWjieW5zaAZpDR9pKkq9/d7pDTbHwvDnNLoMMHRPZP\n2tsBhjcPPay8zWKLz+8dfPyrGpbGfFg/zd3KBNefc12Sl0Iw6XQUaIpDxyJBvpIU\n0Xo1R1F22gJ7oG1zI28mr6SGyBvJ8r1c0sQ1qQt+iA/0M5qXRjuLIhO8/ajlMQwP\nSdasa53HOErxWqsxNRpwJkaynSiKSwGeqLxdTYwWcWrsYB7RqKgjbQnhSBSd3TKm\nH2P790A+oQ==");
    private static byte[] crlSecretary = Base64.decode("MIIDejCCAmKgAwIBAgIUI4Xq9G+KWEr2NPfGbY4A2dfXp50wDQYJKoZIhvcNAQEL\nBQAwIzELMAkGA1UEBhMCWFgxFDASBgNVBAoMC0NlcnRzICdyIFVzMB4XDTI0MDMy\nNTE4NDcwMFoXDTI1MDMyNTE4NDcwMFowIjELMAkGA1UEBhMCWFgxEzARBgNVBAoM\nCkNSTHMgJ3IgVXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkynb7\nzm0ooFfVkkqj9ppBiTh0YGUqv7/jQoFMDJ/XVtYGUJdyPTXoD9cP1ZypzONmK07U\nRc0WMug47hv2tZgrVOxqrGQqDD7e4LM3luinwG5eW3XYT4eJr6Urbk8KSdKSYzqj\nwjY217KQ8DDgioUInWBUyz5UWrG014QbcEgwX0JGpQrwaaPQtbUd58f5x/LCdsXC\np41ySSNsYoKhDawnNblLVxhr+Vp7eQ0wj7LaD/+k12ZDMQbkj3PsGBiWqm+e2uwV\nn9cq9kK6ARN0svju5dpDw5hERRrQ1GR87WvHWHUtmnR7s7+xacRpZTUvJ5Xsi0Rf\nEq1SDPYPyT8ksrt7AgMBAAGjgaYwgaMwHQYDVR0OBBYEFPzRNLfLpJWxtlnqCwVi\nHuiaj7Q6MB8GA1UdIwQYMBaAFLTh9jBUM1rvS43Igm1Xvk4fAQeZMAwGA1UdEwEB\n/wQCMAAwUwYDVR0fBEwwSjBIoB6gHIYaaHR0cDovL2Zvby5leGFtcGxlL2NybC5k\nbGyiJqQkMCIxCzAJBgNVBAYTAlhYMRMwEQYDVQQKDApDUkxzICdyIFVzMA0GCSqG\nSIb3DQEBCwUAA4IBAQBY72Z1LwWsVbnYl6ZhWDAAuy0bwTMKwF8JwpG1PpFzC6p0\nDJd36c3ZOzRYgjpmApi3X9lFx0oyuZOjBIlMtqnXgKjYBytF2jmf8DziIsCnvMI8\n1IiFRjWjm56y0xaxBqv9yzvTqKG198vxakxPAUn8oONMtLvqHAvoQyHCBej5Xirg\njoJkPeHeRwl9sgYZcqowNHGHiBX8KtXeatkHkpmxZO5cunGD+RcOnBpJEfZJhopX\nGaW1DPRY0qqPFhnLcQsv8UZEyDxyYH/HuGaZy3u9lT1SqlOx2zzQnTK6EyIc92n3\nsuILIm4MBrqXYXUlHkMzLmpJGH9lg9xaFn3vCU7Q");
    private static byte[] crlRoot = Base64.decode("MIIDFjCCAf6gAwIBAgIUF/hP3a/TkmHlfhYYUiFNw/H5lMwwDQYJKoZIhvcNAQEL\nBQAwIzELMAkGA1UEBhMCWFgxFDASBgNVBAoMC0NlcnRzICdyIFVzMB4XDTI0MDMy\nNTE4NDcwMFoXDTI1MDMyNTE4NDcwMFowIzELMAkGA1UEBhMCWFgxFDASBgNVBAoM\nC0NlcnRzICdyIFVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomfH\nKuGQzqGkFGSsKLESgJbRRRQsIuJ19w/sumNHNPnbl93rEgdoF1y2yUFcY0ZipZCg\nlIpfhOkp6I+WLtF59t8vLw30P1ZBwmbjC54EwGLH3WRDPS0j+33TfDjNdQRwY4u6\nj2EK6drXPhBPsaG0map3VfWQelaStAoIC6evoYFzfO2E7Ik4xv06U47WHefseBue\nZcsFvfW3bf/E04PFc2YssUyqjiaa0sU/w7l9xj2P+vCqpM393ZWJX6GRcns/wUJ/\nna7iXpIO82EV3/eExeXoHc912L+m0HoB86RYQat+wyhX6Z5i1ApU6zXqGU7D8cPD\nDrbIjwLDMwKPbC9FjwIDAQABo0IwQDAdBgNVHQ4EFgQUtOH2MFQzWu9LjciCbVe+\nTh8BB5kwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcN\nAQELBQADggEBAJGeqkMrzOgesGaCHJJgX/qpG7bp4KPPL0bi7EYnT1cuy5ss053I\nOoh5APYn+GrufWjYn4mwSekvuRTB6VdR4YMeoYPMxWJRp3l7s0aHLo98BbW9WX+4\nju+K/Dndbrs1v7r4IB79hu4QtR7BVaEQ8UjqY+/I1VeYKtAd7scQGKpSNOPN3YVu\n+QY3fXy+nfDhj7drUeAHVj+Qz/6RZOIhmIPj7adsZhDQwvMG3cAkAfVGncP7n+cN\nnqZyYu8PPQp4g+QM42kXXBu5N8QwkCtcMe2nvKiQvEOZww70N3mTIK8CSxLla5pI\n635lNPBZubGF6m35P7EArB0JuU2KYNgUxis=\n");
    private static byte[] crlVictim = Base64.decode("MIIDjTCCAnWgAwIBAgIUW8wsCzJEg7WzpMvkUKyloeKqKLYwDQYJKoZIhvcNAQEL\nBQAwIzELMAkGA1UEBhMCWFgxFDASBgNVBAoMC0NlcnRzICdyIFVzMB4XDTI0MDMy\nNTE4NDcwMFoXDTI1MDMyNTE4NDcwMFowJTELMAkGA1UEBhMCWFgxFjAUBgNVBAoM\nDVVubHVja3kgJ3IgV2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6\nerJm/+hf6IhoqCYfX+y6uiVSSF/J6VyENk+oXS2g71g1sapGCXRO8xlDqH1rhFzC\nIJ56nC14K9w4r+6D3FUKw4G5sKMRTMX7U5brjd8wRd3XHAIUdSCP9SVrNz6bmcjf\nB27vBT0ifIC7bQg7Y01BoqnBPObuwT7ufk951rFzCIagzSylzR/GRNhMYo4rO6jw\nIh84LpAxUQ1vFAaBb5GCVhXoUWecu+RtIaIDo9tn8PF16O6VW8zPmsoV9HELD8Sx\nHuoSXXcsF2OW55XLeAO+l1tikAVqA6nUvQx03bb3TW7W+3v6nGzG308fHA32TdLk\nZLK9nPnF5hF4pFmWpjwHAgMBAAGjgbYwgbMwHQYDVR0OBBYEFMitbC8lM9mw/hc6\nTnvL5vpAyfpZMB8GA1UdIwQYMBaAFLTh9jBUM1rvS43Igm1Xvk4fAQeZMAwGA1Ud\nEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMFMGA1UdHwRMMEowSKAeoByGGmh0dHA6\nLy9mb28uZXhhbXBsZS9jcmwuZGxsoiakJDAiMQswCQYDVQQGEwJYWDETMBEGA1UE\nCgwKQ1JMcyAnciBVczANBgkqhkiG9w0BAQsFAAOCAQEAmysx1oqEUDUpLg98K9Rw\nAXTykVDjjG0ZKg7UtDcaIeBfomhXv+Sh2oz9zqqZQ5/4HGIwe2fAsbQZmlH//8Yb\novEZCo3WmhJSyTDB2KLebPJLw5HOi7QrAjYJWKR+pkuQmxMPoSAdMXRkiBmzYjZL\nlxHaT6Y2IMZ6kVtHCmcOFaHWJyPAUZ4ymO03cb/1M73ioecf9jMgIf7YBaopty2p\nX2GVHaCE1m7u+2WU45b34PBRY/ZvhZvuJKi3TfuaLMJFPz6HY4XbHPnlBP4EwXpC\n5VaJvOMXWZPWh/yrCVEKMzFxesbwHV/vyOUls0P4kIY383/78MvzchHLhwR7h2fy\nIw==");
    static byte[] extEE = Base64.decode("MIICtDCCAh2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxKDAmBgNVBAsMH0JvdW5jeSBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUxLzAtBgkqhkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMB4XDTE1MDMyNDAzNTEwOVoXDTE1MDUyMzAzNTEwOVowgZYxCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHDAlNZWxib3VybmUxGDAWBgNVBAMMD0VyaWMgSC4gRWNoaWRuYTEvMC0GCSqGSIb3DQEJARYgZmVlZGJhY2stY3J5cHRvQGJvdW5jeWNhc3RsZS5vcmcwWjANBgkqhkiG9w0BAQEFAANJADBGAkEAtKfkYXBXTxapcIKyK+WLaipil5hBm+EocqS9umJs+umQD3ar+xITnc5d5WVk+rK2VDFloEDGBoh0IOM9ke1+1wIBEaNaMFgwHQYDVR0OBBYEFNBs7G01g7xVEhsMyz7+1yamFmRoMB8GA1UdIwQYMBaAFJQIM28yQPeHN9rRIKrtLqduyckeMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4GBAICrsNswvaXFMreUHHRHrhU4QqPOds8XJe0INx3v/5TfyjPPDMihMEm8WtWbVpFgFAqUQoZscf8cE/SO5375unYFgxrK+p2/je9E82VLF4Xb0cWizjQoWvvTmvFYjt43cGGXgySFLTrW87ju9uNFr/l4W9xvI0hoLI96vEW7Ccho");
    static byte[] extCA = Base64.decode("MIIDIzCCAoygAwIBAgIBAjANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJBVTEoMCYGA1UECgwfVGhlIExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECwwaQm91bmN5IFByaW1hcnkgQ2VydGlmaWNhdGUwHhcNMTUwMzI0MDM1MTA5WhcNMTUwNTIzMDM1MTA5WjCBkjELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxKDAmBgNVBAsMH0JvdW5jeSBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUxLzAtBgkqhkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN4NETxec2lpyNKwR6JD+P4Y7a1kzenoQtNmkjDKSG98/d4fjuxU0ZBf/wSsyF5hCT4YDK3GzqQH8ZPUS7DpRJuNu0l4TNnjYmDDngapRymZeMbtgwByTohxmM/t4g8/veZY+ivQeL6Uajkr00nytJxIbiDEBViOMGcGyQFzCOaQIDAP//o4G9MIG6MB0GA1UdDgQWBBSUCDNvMkD3hzfa0SCq7S6nbsnJHjCBhAYDVR0jBH0we4AUwDYZB63EiJeoXnJvawnr5ebxKVyhYKReMFwxCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMSMwIQYDVQQLDBpCb3VuY3kgUHJpbWFyeSBDZXJ0aWZpY2F0ZYIBATASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GBAJqUlDjse7Og+7qkkFsiXHzQ8FxT82hzfcji8W7bPwZddCPBEluxCJiJBPYXWsLvwo6BEmCDzT9lLQZ+QZyL1fVbOVHiI24hAalbEBEIrEO4GXMD9spqRQ5yoTJ8CgZHTPo0rJkH/ebprp0YHtahVF440zBOvuLM0QTYpERgO2Oe");
    static byte[] extTrust = Base64.decode("MIICJTCCAY4CAQEwDQYJKoZIhvcNAQEFBQAwXDELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxIzAhBgNVBAsMGkJvdW5jeSBQcmltYXJ5IENlcnRpZmljYXRlMB4XDTE1MDMyNDAzNTEwOVoXDTE1MDUyMzAzNTEwOVowXDELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxIzAhBgNVBAsMGkJvdW5jeSBQcmltYXJ5IENlcnRpZmljYXRlMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCyWdLW5ienaMlL42Fkwtn8edl6q5JTFA5b8XdRGXcx1vdUDSUJ57n/7gpwpuJtVuktLt1/hauoVgC2kInzX2vb88KY4FhCU12fBk5rA5HLfTBuCi0gxN+057SalkC96ibBCtacPwUAfOJRPO5Ez+AZmOYrbDY30/wDkQebJu421QIBETANBgkqhkiG9w0BAQUFAAOBgQCDNfqQnQbbmnGzZTl7ccWIyw7SPzWnijpKsQpuRNGkoXfkCcuQLZudytEFZGEL0cycNBnierjJWAn78zGpCQtab01r1GwytRMYz8qO5IIrhsJ4XNafNypYZbi0WtPa07UCQp8tipMbfQNLzSkvkIAaD5IfhdaWKLrSQJwmGg7YAg==");
    static byte[] extInvEE = Base64.decode("MIICJjCCAY+gAwIBAAIGAV3Y0TnDMA0GCSqGSIb3DQEBCwUAMBExDzANBgNVBAMMBktQMSBDQTAeFw0xNzA4MTIyMzM5MzJaFw0xNzA4MTMwMDA5MzdaMBExDzANBgNVBAMMBktQMSBFRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuOcqkp2+HBCuwRDwfR7kkUYXMdhScDG8m6A3Af6hpG86nAimNoVIQe3REaQ6IO0XSdd13rjjRwIXsUFLsrQhQJczF5JeyWXcaYqZyNNbUwFuLeSqOsLS63ltjOJYqOJRxY03Cr//baGWvxGXcRvHoZkg1nEXPcMZhgsy/9JxVoUCAwEAAaOBiDCBhTBABgNVHSMEOTA3gBSPMqzNmTdyjQmr9W1TSDW1h0ZzFaEXpBUwEzERMA8GA1UEAwwIS1AxIFJPT1SCBgFd2NE5wjAdBgNVHQ4EFgQUC1rtYrQdQkA3CLTeV1kbVIdysKQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAGr841G7E84Ow9+fFGW1zzXeTRfxsafdT/bHXCS75bjF2YPitKLcRLkm92VPxANRXIpmt++3iU/oduWqkLsfXnfTGmCwtjj/XrCvkCBQ4GONwmegltJEThMud0XOEB1UN6tfTINfLYpbyfOdE/wLy4Rte0t43aOTTOBo+/SapYOE=");
    static byte[] extInvCA = Base64.decode("MIICKDCCAZGgAwIBAgIGAV3Y0TnCMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMMCEtQMSBST09UMB4XDTE3MDgxMjIzMzkzMloXDTE3MDgxMzAwMDkzN1owETEPMA0GA1UEAwwGS1AxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7Qd/cTP5S0GoPcomcZU5QlJcb1uWydvmQx3U6p4/KOZBhk6JXQeSzT8QZ/gd+9vfosA62SEX+dq7MvxxzeERxdIsVU0zZ1TrYNxlQjnYXiYRVXBczowsxseQ9oSGD94Y4buhrMAltmIHijdzGRVMY41FZmWqNXqsEwQXj6ULX+QIDAQABo4GIMIGFMEAGA1UdIwQ5MDeAFAbfd2S3aiwFww3/0ocLa6ULQjJMoRekFTATMREwDwYDVQQDDAhLUDEgUk9PVIIGAV3Y0TnBMB0GA1UdDgQWBBSPMqzNmTdyjQmr9W1TSDW1h0ZzFTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOBgQCnmxQYy6LnvRSMxkTsGIQa4LB51O8skbWc4KYVDfcvTYQuvn6rE/ZoYf82jKXJzXksffanfjn/b38l4l8hwAcBQ8we9yjCkjO8OVDUlYiSGYUhH2ZJrl2+K2Z6wpakZ9Lz3pZ/PSS1FIsVd4I1jkexAdAm1+uMlfWXVt/uTZx98w==");
    static byte[] extInvTrust = Base64.decode("MIIBmjCCAQMCBgFd2NE5wTANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhLUDEgUk9PVDAeFw0xNzA4MTIyMzM5MzJaFw0xNzA4MTMwMDA5MzdaMBMxETAPBgNVBAMMCEtQMSBST09UMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8U3p6Y9ah0yQ58wpI3H6vQPMdhN6Hh+zuiNzwX3AIpEspUFTfqXJ6EIhqh/EraDnLnoFBajzihwS1y6a+ZyXYKa5pxbFsslmzms+ozcTaJ4mSMiC+DHbGYdOAEzwx2nsEt7UKyrlnl5h2kQFusUPmnXXEorIxhpS2Lul+zEBo1wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBABClwXaJ8S66GmeySf1thOPc1GxIHuubezIjcBbECLZQqn7iwuzp+eft1vtnqNP7BWM1xBZkSe+/2xUsArc1rb1ffZHF3k92+WLbpDh3+NsQIod/91HRWUuu/S2g9oMK4b7BH8JrmBgy3ewtpNZwOaKF613GPCeGv3ya5Z24vBu+");
    static byte[] extInvV2Trust = Base64.decode("MIIBmjCCAQMCBgFd2NhVgTANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhLUDEgUk9PVDAeFw0xNzA4MTIyMzQ3MThaFw0xNzA4MTMwMDE3MjNaMBMxETAPBgNVBAMMCEtQMSBST09UMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCQaASWM5avAAJ57eHQ2zQ0k/mAiYSOkRKDLEzptDPYfzuQtTdAlBPn7tsYx+Ylge4YQwtx5bQZbc3apinBK9tn+c++go0kUF1cec2bacYyFokSP2r48j6ZhlY4MYGfrvfWHULrG2JL2BMeuZVP+wiqXktXCEKVG1fh1m6RY0TJPwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAC9mXO2i2vltBZZa7RMkizvhzhsehDHbEqvJd2aoWE9JG4sDo2tiIVN5vbq9EWLZVga3ejFzmQ+FI1Ty0xX3fwDgvUyxsveGTs40xwA9TEgVk1KNTQQs+sLE9rRB7L0giKn2DDmHFsOPL1KwxdzqD7vYhJr5av3eAsJpMxF+Anyg");
    static byte[] extInvV2CA = Base64.decode("MIICKDCCAZGgAwIBAgIGAV3Y2FWCMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMMCEtQMSBST09UMB4XDTE3MDgxMjIzNDcxOFoXDTE3MDgxMzAwMTcyM1owETEPMA0GA1UEAwwGS1AxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgb8h3h9d/FzhIc+PMbF0vwdiDKw7N3dNyY6TrmzCMC1mYDXSKmxxDwNKZCKj6VSNfbTDqxYKlZMoGVT8Cl/iE/+XEhOKYLv73rzTqzdMizqcQTCvwps1enGxI5wPBYKGCMWrpJui5RWV9wH6hMvmzSSZq7bdWTvc/pIltCpIj8wIDAQABo4GIMIGFMEAGA1UdIwQ5MDeAFMOcs/uWpVOkGRQJrVIp6cN6tCJQoRekFTATMREwDwYDVQQDDAhLUDEgUk9PVIIGAV3Y2FWBMB0GA1UdDgQWBBTsZ2B5JbgKm9/up2hOcYVyOaM1SjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOBgQBI8J1bKh/e+uEZtfngKMADS1PSHztAPFFKXgeIfYeJDRznnamtbheensdxrA+aoriJbJfHxmjecr4xA8+s0uN9GPtQ3+ad1K5Sg6mfzsXtNPf3xa9y0pIWOGZavr1s/QugoPLQxEiuHrvkHX5+sZlx47KoBQJ8LBRmJydeSvxz1g==");
    static byte[] extInvV2EE = Base64.decode("MIICJjCCAY+gAwIBAQIGAV3Y2FWDMA0GCSqGSIb3DQEBCwUAMBExDzANBgNVBAMMBktQMSBDQTAeFw0xNzA4MTIyMzQ3MThaFw0xNzA4MTMwMDE3MjNaMBExDzANBgNVBAMMBktQMSBFRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzWXxtMpnjz8Q1qTdwpB66W2D0vEHhqow2PTsvfQdENL4AFESE1C7Cj3lLBTei1vRHCnpM0jdNghBW8k/u2b2tqeeWLBqwul0tEGbjtUwkYV2WgtTGmiYZZFfMH35HIvqlZMwIIdZqz4lEdkPiAPEUOELvycpVDFnWjF0qah5LqsCAwEAAaOBiDCBhTBABgNVHSMEOTA3gBTsZ2B5JbgKm9/up2hOcYVyOaM1SqEXpBUwEzERMA8GA1UEAwwIS1AxIFJPT1SCBgFd2NhVgjAdBgNVHQ4EFgQUfeKdn63Gmlkub8m8bwjqJook5ywwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAco35KYLE683l53J6V1q2tcMV3EpM39tifkL7Kl38oX9d3SGiKkEO6YFeQekRyto0Z91mPq7Pe/oOfDrfsY3r9KX7oqnhOKBnnR/58atM9udVLvuLfCJpxiroAldSkhRKvHG5MrFwZyDcVkTZF4GDrP6bojp32wVfU5EYkfwcJN8=");
    static byte[] extInvVersionTrust = Base64.decode("MIIBmjCCAQMCBgFd2RZiPjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhLUDEgUk9PVDAeFw0xNzA4MTMwMDU1MDRaFw0xNzA4MTMwMTI1MDlaMBMxETAPBgNVBAMMCEtQMSBST09UMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPn6zObnrjGPUb0ozc3MCOOcHwtQABZmUHtB1jxRXWwYXKo+iTms2wJjDS5fhz2UmUptsbdFwPdvT2t7K8cpaZBcovC3jLvEAMmjO+nU3FQrdopZ6MhBjpgIezAvJ9LUhrYctqUJzfViqtLl0dL+YRjaVdfCz5z0iZn4rv2VSf3QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAHtS9RjMIRzeEpH9MKIaMLR7wVb55MYW7E2CVuIbsHmT+KyDBFsYbAylgc76cH1b8F53ECygS9jCpzfKtO61WVPPlUhsL13i2XbzCtj8DSPXaW5pgvpwClQZ+dpGFz8D/MYLSdjTdls8dbhJ5O08ckSKcrIGHcF90oeepVXOmiTw");
    static byte[] extInvVersionCA = Base64.decode("MIICKDCCAZGgAwIBAgIGAV3ZFmI/MA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMMCEtQMSBST09UMB4XDTE3MDgxMzAwNTUwNFoXDTE3MDgxMzAxMjUwOVowETEPMA0GA1UEAwwGS1AxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChlaZhX9/eHmtfravHzs/E0g6ZhWTmD9aNNvuuz/GCBF9AMS6QQCGVhEzxESn0gLzs1bM/9M/EaylHS3Ecvi6QYdkrTKRDj38FDzrDhiPlM3TxY0XuUQ3Py590k8yZDcuEeVEQeoUx83qOnO7o/cL+vECfMj9ImYFFgY5sMcKkVQIDAQABo4GIMIGFMEAGA1UdIwQ5MDeAFAfTyJtmNkinVjfd7/2Giy6krDTpoRekFTATMREwDwYDVQQDDAhLUDEgUk9PVIIGAV3ZFmI+MB0GA1UdDgQWBBQkMq+wajXvKQaJtSdpvDJn77bU9zASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOBgQAqmKtykmixemAvppo2tTmekLsL93+/DMR+oz1iK2rjhqYzEF1/pM9VUyG+Ni1924U8tzGbXv2lL3MiToRSyjO50HHfnE7PfOvNiTUj73PTn27tPl03eWO3CtsOTGxtE2vpNyXyFXm4SFZlSicOXE0o/kUrNGVYvnjs/jjcNlPiHQ==");
    static byte[] extInvVersionEE = Base64.decode("MIICJjCCAY+gAwIBBQIGAV3ZFmJAMA0GCSqGSIb3DQEBCwUAMBExDzANBgNVBAMMBktQMSBDQTAeFw0xNzA4MTMwMDU1MDRaFw0xNzA4MTMwMTI1MDlaMBExDzANBgNVBAMMBktQMSBFRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6PXdCOvE33+mMcal/rC+I7zdJqcc6OBhn+Lyku29TRcYplMA5mkh7WkjLtRYBUAzHukN/GXb1Mo+dFkvCnKO/l4gLWyVuf23rL6iELt8X1KVJdJlrDElCmTgl6lA0Omq7QhNrsv5Vdk7mK2mbJzl0bj4fcu5dc23nQXEskmGrZsCAwEAAaOBiDCBhTBABgNVHSMEOTA3gBQkMq+wajXvKQaJtSdpvDJn77bU96EXpBUwEzERMA8GA1UEAwwIS1AxIFJPT1SCBgFd2RZiPzAdBgNVHQ4EFgQU3Nw/DFxNqK1fRhc/W8W4o3mkCHQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADgYEAjMTiKgLC2Kb5+elvfD/+CM8pNeLt5Y43sMSTpgIrebdWPA2hyvjvW/upsIYIquGrymOYBU/K0abQlkNUbBHpQCQMPQ6iPXuhTQj/P7rt7McLl6OXV/DQqgF+39y0xWAzoZbgMKrQaSr9oRmEVt6xzLM92JS67w8Xgbh39PGBfEg=");
    static byte[] extInvExtTrust = Base64.decode("MIIBmjCCAQMCBgFd2SFqKjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhLUDEgUk9PVDAeFw0xNzA4MTMwMTA3MDdaFw0xNzA4MTMwMTM3MTJaMBMxETAPBgNVBAMMCEtQMSBST09UMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEY3toxiphhoeoTd79/Uznb1YyKjYgxtXkYVQLZ+Q76bJFQftVVcUHw25/A/2qgSc8XPflGRpn82Qn/B7s3fxEglgeY0ekdYjea5+jZSJj70p1QcC60yH1NKGxE0ASBuv/22IoHhdu5dOTmiWegikKUXblBD1wAxbbvOcXFs2x/wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJPG9wt9edpTaCc0z03xGNF/M6x5cLx5eLgZaBFt+FO3S1xWIVby+iU8Hw2mzHOc58Fghw1jEwLaslQYadx9667NedGu7dYyY318h+VhaDppQqkhJiQl5Q8aTvVNt60fDEVLjvB7E6Z+CafVGR1jNrXxLDe6zVf/BZJK7QrkTKh4");
    static byte[] extInvExtCA = Base64.decode("MIICKDCCAZGgAwIBAgIGAV3ZIWorMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMMCEtQMSBST09UMB4XDTE3MDgxMzAxMDcwN1oXDTE3MDgxMzAxMzcxMlowETEPMA0GA1UEAwwGS1AxIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJKySmanEENpLJdPwpM/v0I7H0bW9ZlIxRpiL+/Z4uvF3j0r0O42Tm+dW8Ub42DzHcQ8pK/n/k2Wb4Jf7cP8+TGTAne3bgC24USW131XUZxaunGt4tCqZ0RNWpmBQUcUM0lgntDSfcvyv3QFB+nwLc93GYij9l3FaeUcHkwFiKsQIDAQABo4GIMIGFMEAGA1UdIwQ5MDeAFLnC9UF+JqEqboFH84ab9dEAkwEBoRekFTATMREwDwYDVQQDDAhLUDEgUk9PVIIGAV3ZIWoqMB0GA1UdDgQWBBQkr/0UP1MKPGQH7bkRNctHMsVQsjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOBgQCZxLwkAPif1H2P398MHK3NLf3mrmLsP41ZphdHnSLNROlY9PdO5I/dfhElzVXW2oxecIIKbOQsjZe0FOSGvZHEhLftQmOdfGc5QfGf5w9CSFCCBe5vHdMjglRLVhNB51jz6DB7Dp0MjFDgkQI4lBHaiMVkE+HUZjNLwBddHH58Sw==");
    static byte[] extInvExtEE = Base64.decode("MIICNjCCAZ+gAwIBAgIGAV3ZIWosMA0GCSqGSIb3DQEBCwUAMBExDzANBgNVBAMMBktQMSBDQTAeFw0xNzA4MTMwMTA3MDdaFw0xNzA4MTMwMTM3MTJaMBExDzANBgNVBAMMBktQMSBFRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAj6WOoo8xHLLo+CT0l288xZDK3OsF64lPfNVkFnrRI65Ywl89M19nNF5Q24hF1FS6getO5oU+BhvRqft1/De22SME9SzKqs3G6uMxACKrMqgni1QBEOC/DdZ5Uaxh2s4lEgxbN0PQZIarAgLtAIgzRM4CrvofxFMwQy/neUuWmeMCAwEAAaOBmDCBlTBABgNVHSMEOTA3gBQkr/0UP1MKPGQH7bkRNctHMsVQsqEXpBUwEzERMA8GA1UEAwwIS1AxIFJPT1SCBgFd2SFqKzAdBgNVHQ4EFgQU/yuQXlvqXJQsbqB6whCPu5bwFCAwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4GBABYUGar9s7wlM3Qlnja7uc7U8FqU+xH4e8/Jk64ku7DdwXelEbKo/FTFAzh464aiFP4eMDOH7YThXyTruPudEAvYyWY7eaEgRqA2MmL0uWHSrN+HR9aBeqrMCJK/E2e1egvk2whJHMimhDUFJ3cIPsFhazMvLTnVgWGMjOqQtuP+");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.bouncycastle.jce.provider.test.CertPathValidatorTest$1, reason: invalid class name */
    /* loaded from: input_file:org/bouncycastle/jce/provider/test/CertPathValidatorTest$1.class */
    public static class AnonymousClass1 {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jce/provider/test/CertPathValidatorTest$DodgyCertificate.class */
    public class DodgyCertificate extends ASN1Object {
        ASN1Sequence seq;
        DodgyTBSCertificate tbsCert;
        AlgorithmIdentifier sigAlgId;
        ASN1BitString sig;
        private final CertPathValidatorTest this$0;

        DodgyCertificate(CertPathValidatorTest certPathValidatorTest, byte[] bArr) {
            this.this$0 = certPathValidatorTest;
            this.seq = ASN1Sequence.getInstance(bArr);
            if (this.seq.size() != 3) {
                throw new IllegalArgumentException("sequence wrong size for a certificate");
            }
            this.tbsCert = new DodgyTBSCertificate(certPathValidatorTest, ASN1Sequence.getInstance(this.seq.getObjectAt(0)), null);
            this.sigAlgId = AlgorithmIdentifier.getInstance(this.seq.getObjectAt(1));
            this.sig = ASN1BitString.getInstance(this.seq.getObjectAt(2));
        }

        public DodgyTBSCertificate getTBSCertificate() {
            return this.tbsCert;
        }

        public ASN1Integer getVersion() {
            return this.tbsCert.getVersion();
        }

        public int getVersionNumber() {
            return this.tbsCert.getVersionNumber();
        }

        public ASN1Integer getSerialNumber() {
            return this.tbsCert.getSerialNumber();
        }

        public X500Name getIssuer() {
            return this.tbsCert.getIssuer();
        }

        public Time getStartDate() {
            return this.tbsCert.getStartDate();
        }

        public Time getEndDate() {
            return this.tbsCert.getEndDate();
        }

        public X500Name getSubject() {
            return this.tbsCert.getSubject();
        }

        public SubjectPublicKeyInfo getSubjectPublicKeyInfo() {
            return this.tbsCert.getSubjectPublicKeyInfo();
        }

        public AlgorithmIdentifier getSignatureAlgorithm() {
            return this.sigAlgId;
        }

        public ASN1BitString getSignature() {
            return this.sig;
        }

        public ASN1Primitive toASN1Primitive() {
            return this.seq;
        }
    }

    /* loaded from: input_file:org/bouncycastle/jce/provider/test/CertPathValidatorTest$DodgyExtensions.class */
    public static class DodgyExtensions extends ASN1Object {
        private Hashtable extensions = new Hashtable();
        private Vector ordering = new Vector();

        DodgyExtensions(ASN1Sequence aSN1Sequence) {
            Enumeration objects = aSN1Sequence.getObjects();
            while (objects.hasMoreElements()) {
                Extension extension = Extension.getInstance(objects.nextElement());
                this.extensions.put(extension.getExtnId(), extension);
                this.ordering.addElement(extension.getExtnId());
            }
        }

        public Enumeration oids() {
            return this.ordering.elements();
        }

        public Extension getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            return (Extension) this.extensions.get(aSN1ObjectIdentifier);
        }

        public ASN1Encodable getExtensionParsedValue(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            Extension extension = getExtension(aSN1ObjectIdentifier);
            if (extension != null) {
                return extension.getParsedValue();
            }
            return null;
        }

        public ASN1Primitive toASN1Primitive() {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector(this.ordering.size());
            Enumeration elements = this.ordering.elements();
            while (elements.hasMoreElements()) {
                aSN1EncodableVector.add((Extension) this.extensions.get((ASN1ObjectIdentifier) elements.nextElement()));
            }
            return new DERSequence(aSN1EncodableVector);
        }

        public boolean equivalent(DodgyExtensions dodgyExtensions) {
            if (this.extensions.size() != dodgyExtensions.extensions.size()) {
                return false;
            }
            Enumeration keys = this.extensions.keys();
            while (keys.hasMoreElements()) {
                Object nextElement = keys.nextElement();
                if (!this.extensions.get(nextElement).equals(dodgyExtensions.extensions.get(nextElement))) {
                    return false;
                }
            }
            return true;
        }

        public ASN1ObjectIdentifier[] getExtensionOIDs() {
            return toOidArray(this.ordering);
        }

        public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs() {
            return getExtensionOIDs(false);
        }

        public ASN1ObjectIdentifier[] getCriticalExtensionOIDs() {
            return getExtensionOIDs(true);
        }

        private ASN1ObjectIdentifier[] getExtensionOIDs(boolean z) {
            Vector vector = new Vector();
            for (int i = 0; i != this.ordering.size(); i++) {
                Object elementAt = this.ordering.elementAt(i);
                if (((Extension) this.extensions.get(elementAt)).isCritical() == z) {
                    vector.addElement(elementAt);
                }
            }
            return toOidArray(vector);
        }

        private ASN1ObjectIdentifier[] toOidArray(Vector vector) {
            ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = new ASN1ObjectIdentifier[vector.size()];
            for (int i = 0; i != aSN1ObjectIdentifierArr.length; i++) {
                aSN1ObjectIdentifierArr[i] = (ASN1ObjectIdentifier) vector.elementAt(i);
            }
            return aSN1ObjectIdentifierArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jce/provider/test/CertPathValidatorTest$DodgyTBSCertificate.class */
    public class DodgyTBSCertificate extends ASN1Object {
        ASN1Sequence seq;
        ASN1Integer version;
        ASN1Integer serialNumber;
        AlgorithmIdentifier signature;
        X500Name issuer;
        Time startDate;
        Time endDate;
        X500Name subject;
        SubjectPublicKeyInfo subjectPublicKeyInfo;
        ASN1BitString issuerUniqueId;
        ASN1BitString subjectUniqueId;
        DodgyExtensions extensions;
        private final CertPathValidatorTest this$0;

        private DodgyTBSCertificate(CertPathValidatorTest certPathValidatorTest, ASN1Sequence aSN1Sequence) {
            this.this$0 = certPathValidatorTest;
            int i = 0;
            this.seq = aSN1Sequence;
            if (aSN1Sequence.getObjectAt(0) instanceof ASN1TaggedObject) {
                this.version = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0), true);
            } else {
                i = -1;
                this.version = new ASN1Integer(0L);
            }
            if (!this.version.hasValue(0) && this.version.hasValue(1)) {
            }
            this.serialNumber = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(i + 1));
            this.signature = AlgorithmIdentifier.getInstance(aSN1Sequence.getObjectAt(i + 2));
            this.issuer = X500Name.getInstance(aSN1Sequence.getObjectAt(i + 3));
            ASN1Sequence objectAt = aSN1Sequence.getObjectAt(i + 4);
            this.startDate = Time.getInstance(objectAt.getObjectAt(0));
            this.endDate = Time.getInstance(objectAt.getObjectAt(1));
            this.subject = X500Name.getInstance(aSN1Sequence.getObjectAt(i + 5));
            this.subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(aSN1Sequence.getObjectAt(i + 6));
            for (int size = (aSN1Sequence.size() - (i + 6)) - 1; size > 0; size--) {
                ASN1TaggedObject objectAt2 = aSN1Sequence.getObjectAt(i + 6 + size);
                switch (objectAt2.getTagNo()) {
                    case 1:
                        this.issuerUniqueId = ASN1BitString.getInstance(objectAt2, false);
                        break;
                    case 2:
                        this.subjectUniqueId = ASN1BitString.getInstance(objectAt2, false);
                        break;
                    case TlsTestConfig.CLIENT_AUTH_INVALID_VERIFY /* 3 */:
                        this.extensions = new DodgyExtensions(ASN1Sequence.getInstance(objectAt2, true));
                        break;
                    default:
                        throw new IllegalArgumentException(new StringBuffer().append("Unknown tag encountered in structure: ").append(objectAt2.getTagNo()).toString());
                }
            }
        }

        public int getVersionNumber() {
            return this.version.intValueExact() + 1;
        }

        public ASN1Integer getVersion() {
            return this.version;
        }

        public ASN1Integer getSerialNumber() {
            return this.serialNumber;
        }

        public AlgorithmIdentifier getSignature() {
            return this.signature;
        }

        public X500Name getIssuer() {
            return this.issuer;
        }

        public Time getStartDate() {
            return this.startDate;
        }

        public Time getEndDate() {
            return this.endDate;
        }

        public X500Name getSubject() {
            return this.subject;
        }

        public SubjectPublicKeyInfo getSubjectPublicKeyInfo() {
            return this.subjectPublicKeyInfo;
        }

        public ASN1BitString getIssuerUniqueId() {
            return this.issuerUniqueId;
        }

        public ASN1BitString getSubjectUniqueId() {
            return this.subjectUniqueId;
        }

        public DodgyExtensions getExtensions() {
            return this.extensions;
        }

        public ASN1Primitive toASN1Primitive() {
            if (Properties.getPropertyValue("org.bouncycastle.x509.allow_non-der_tbscert") != null && !Properties.isOverrideSet("org.bouncycastle.x509.allow_non-der_tbscert")) {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                if (!this.version.hasValue(0)) {
                    aSN1EncodableVector.add(new DERTaggedObject(true, 0, this.version));
                }
                aSN1EncodableVector.add(this.serialNumber);
                aSN1EncodableVector.add(this.signature);
                aSN1EncodableVector.add(this.issuer);
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector(2);
                aSN1EncodableVector2.add(this.startDate);
                aSN1EncodableVector2.add(this.endDate);
                aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector2));
                if (this.subject != null) {
                    aSN1EncodableVector.add(this.subject);
                } else {
                    aSN1EncodableVector.add(new DERSequence());
                }
                aSN1EncodableVector.add(this.subjectPublicKeyInfo);
                if (this.issuerUniqueId != null) {
                    aSN1EncodableVector.add(new DERTaggedObject(false, 1, this.issuerUniqueId));
                }
                if (this.subjectUniqueId != null) {
                    aSN1EncodableVector.add(new DERTaggedObject(false, 2, this.subjectUniqueId));
                }
                if (this.extensions != null) {
                    aSN1EncodableVector.add(new DERTaggedObject(true, 3, this.extensions));
                }
                return new DERSequence(aSN1EncodableVector);
            }
            return this.seq;
        }

        DodgyTBSCertificate(CertPathValidatorTest certPathValidatorTest, ASN1Sequence aSN1Sequence, AnonymousClass1 anonymousClass1) {
            this(certPathValidatorTest, aSN1Sequence);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/bouncycastle/jce/provider/test/CertPathValidatorTest$MyChecker.class */
    public static class MyChecker extends PKIXCertPathChecker {
        private static int count;

        private MyChecker() {
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public void init(boolean z) throws CertPathValidatorException {
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public boolean isForwardCheckingSupported() {
            return true;
        }

        @Override // java.security.cert.PKIXCertPathChecker
        public Set getSupportedExtensions() {
            return null;
        }

        @Override // java.security.cert.PKIXCertPathChecker
        public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
            count++;
        }

        public int getCount() {
            return count;
        }

        MyChecker(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /* loaded from: input_file:org/bouncycastle/jce/provider/test/CertPathValidatorTest$X509CertificateObject.class */
    public static class X509CertificateObject extends X509Certificate {
        static final String CERTIFICATE_POLICIES = Extension.certificatePolicies.getId();
        static final String POLICY_MAPPINGS = Extension.policyMappings.getId();
        static final String INHIBIT_ANY_POLICY = Extension.inhibitAnyPolicy.getId();
        static final String ISSUING_DISTRIBUTION_POINT = Extension.issuingDistributionPoint.getId();
        static final String FRESHEST_CRL = Extension.freshestCRL.getId();
        static final String DELTA_CRL_INDICATOR = Extension.deltaCRLIndicator.getId();
        static final String POLICY_CONSTRAINTS = Extension.policyConstraints.getId();
        static final String BASIC_CONSTRAINTS = Extension.basicConstraints.getId();
        static final String CRL_DISTRIBUTION_POINTS = Extension.cRLDistributionPoints.getId();
        static final String SUBJECT_ALTERNATIVE_NAME = Extension.subjectAlternativeName.getId();
        static final String NAME_CONSTRAINTS = Extension.nameConstraints.getId();
        static final String AUTHORITY_KEY_IDENTIFIER = Extension.authorityKeyIdentifier.getId();
        static final String KEY_USAGE = Extension.keyUsage.getId();
        static final String CRL_NUMBER = Extension.cRLNumber.getId();
        static final String ANY_POLICY = "2.5.29.32.0";
        private DodgyCertificate c;
        private BasicConstraints basicConstraints;
        private boolean[] keyUsage;
        private boolean hashValueSet;
        private int hashValue;

        public X509CertificateObject(DodgyCertificate dodgyCertificate) throws CertificateParsingException {
            this.c = dodgyCertificate;
            try {
                byte[] extensionBytes = getExtensionBytes("2.5.29.19");
                if (extensionBytes != null) {
                    this.basicConstraints = BasicConstraints.getInstance(ASN1Primitive.fromByteArray(extensionBytes));
                }
                try {
                    byte[] extensionBytes2 = getExtensionBytes("2.5.29.15");
                    if (extensionBytes2 != null) {
                        ASN1BitString aSN1BitString = ASN1BitString.getInstance(ASN1Primitive.fromByteArray(extensionBytes2));
                        byte[] bytes = aSN1BitString.getBytes();
                        int length = (bytes.length * 8) - aSN1BitString.getPadBits();
                        this.keyUsage = new boolean[length < 9 ? 9 : length];
                        for (int i = 0; i != length; i++) {
                            this.keyUsage[i] = (bytes[i / 8] & (128 >>> (i % 8))) != 0;
                        }
                    } else {
                        this.keyUsage = null;
                    }
                } catch (Exception e) {
                    throw new CertificateParsingException(new StringBuffer().append("cannot construct KeyUsage: ").append(e).toString());
                }
            } catch (Exception e2) {
                throw new CertificateParsingException(new StringBuffer().append("cannot construct BasicConstraints: ").append(e2).toString());
            }
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
            checkValidity(new Date());
        }

        @Override // java.security.cert.X509Certificate
        public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
            if (date.getTime() > getNotAfter().getTime()) {
                throw new CertificateExpiredException(new StringBuffer().append("certificate expired on ").append(this.c.getEndDate().getTime()).toString());
            }
            if (date.getTime() < getNotBefore().getTime()) {
                throw new CertificateNotYetValidException(new StringBuffer().append("certificate not valid till ").append(this.c.getStartDate().getTime()).toString());
            }
        }

        @Override // java.security.cert.X509Certificate
        public int getVersion() {
            return this.c.getVersion().intValueExact();
        }

        @Override // java.security.cert.X509Certificate
        public BigInteger getSerialNumber() {
            return this.c.getSerialNumber().getValue();
        }

        @Override // java.security.cert.X509Certificate
        public Principal getIssuerDN() {
            return getIssuerX500Principal();
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getIssuerX500Principal() {
            try {
                return new X500Principal(this.c.getIssuer().getEncoded());
            } catch (IOException e) {
                throw new IllegalStateException("can't encode issuer DN");
            }
        }

        @Override // java.security.cert.X509Certificate
        public Principal getSubjectDN() {
            return getSubjectX500Principal();
        }

        @Override // java.security.cert.X509Certificate
        public X500Principal getSubjectX500Principal() {
            try {
                return new X500Principal(this.c.getSubject().getEncoded());
            } catch (IOException e) {
                throw new IllegalStateException("can't encode issuer DN");
            }
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotBefore() {
            return this.c.getStartDate().getDate();
        }

        @Override // java.security.cert.X509Certificate
        public Date getNotAfter() {
            return this.c.getEndDate().getDate();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getTBSCertificate() throws CertificateEncodingException {
            try {
                return this.c.getTBSCertificate().getEncoded("DER");
            } catch (IOException e) {
                throw new CertificateEncodingException(e.toString());
            }
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSignature() {
            return this.c.getSignature().getOctets();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgName() {
            String property;
            Provider provider = Security.getProvider("BC");
            if (provider != null && (property = provider.getProperty(new StringBuffer().append("Alg.Alias.Signature.").append(getSigAlgOID()).toString())) != null) {
                return property;
            }
            Provider[] providers = Security.getProviders();
            for (int i = 0; i != providers.length; i++) {
                String property2 = providers[i].getProperty(new StringBuffer().append("Alg.Alias.Signature.").append(getSigAlgOID()).toString());
                if (property2 != null) {
                    return property2;
                }
            }
            return getSigAlgOID();
        }

        @Override // java.security.cert.X509Certificate
        public String getSigAlgOID() {
            return this.c.getSignatureAlgorithm().getAlgorithm().getId();
        }

        @Override // java.security.cert.X509Certificate
        public byte[] getSigAlgParams() {
            if (this.c.getSignatureAlgorithm().getParameters() == null) {
                return null;
            }
            try {
                return this.c.getSignatureAlgorithm().getParameters().toASN1Primitive().getEncoded("DER");
            } catch (IOException e) {
                return null;
            }
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getIssuerUniqueID() {
            ASN1BitString issuerUniqueId = this.c.getTBSCertificate().getIssuerUniqueId();
            if (issuerUniqueId == null) {
                return null;
            }
            byte[] bytes = issuerUniqueId.getBytes();
            boolean[] zArr = new boolean[(bytes.length * 8) - issuerUniqueId.getPadBits()];
            for (int i = 0; i != zArr.length; i++) {
                zArr[i] = (bytes[i / 8] & (128 >>> (i % 8))) != 0;
            }
            return zArr;
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getSubjectUniqueID() {
            ASN1BitString subjectUniqueId = this.c.getTBSCertificate().getSubjectUniqueId();
            if (subjectUniqueId == null) {
                return null;
            }
            byte[] bytes = subjectUniqueId.getBytes();
            boolean[] zArr = new boolean[(bytes.length * 8) - subjectUniqueId.getPadBits()];
            for (int i = 0; i != zArr.length; i++) {
                zArr[i] = (bytes[i / 8] & (128 >>> (i % 8))) != 0;
            }
            return zArr;
        }

        @Override // java.security.cert.X509Certificate
        public boolean[] getKeyUsage() {
            return this.keyUsage;
        }

        @Override // java.security.cert.X509Certificate
        public List getExtendedKeyUsage() throws CertificateParsingException {
            byte[] extensionBytes = getExtensionBytes("2.5.29.37");
            if (extensionBytes == null) {
                return null;
            }
            try {
                ASN1Sequence readObject = new ASN1InputStream(extensionBytes).readObject();
                ArrayList arrayList = new ArrayList();
                for (int i = 0; i != readObject.size(); i++) {
                    arrayList.add(readObject.getObjectAt(i).getId());
                }
                return Collections.unmodifiableList(arrayList);
            } catch (Exception e) {
                throw new CertificateParsingException("error processing extended key usage extension");
            }
        }

        @Override // java.security.cert.X509Certificate
        public int getBasicConstraints() {
            if (this.basicConstraints == null || !this.basicConstraints.isCA()) {
                return -1;
            }
            ASN1Integer pathLenConstraintInteger = this.basicConstraints.getPathLenConstraintInteger();
            if (pathLenConstraintInteger == null) {
                return Integer.MAX_VALUE;
            }
            return pathLenConstraintInteger.intPositiveValueExact();
        }

        @Override // java.security.cert.X509Certificate
        public Collection getSubjectAlternativeNames() throws CertificateParsingException {
            return getAlternativeNames(getExtensionBytes(Extension.subjectAlternativeName.getId()));
        }

        @Override // java.security.cert.X509Certificate
        public Collection getIssuerAlternativeNames() throws CertificateParsingException {
            return getAlternativeNames(getExtensionBytes(Extension.issuerAlternativeName.getId()));
        }

        @Override // java.security.cert.X509Extension
        public Set getCriticalExtensionOIDs() {
            if (getVersion() != 3) {
                return null;
            }
            HashSet hashSet = new HashSet();
            DodgyExtensions extensions = this.c.getTBSCertificate().getExtensions();
            if (extensions == null) {
                return null;
            }
            Enumeration oids = extensions.oids();
            while (oids.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) oids.nextElement();
                if (extensions.getExtension(aSN1ObjectIdentifier).isCritical()) {
                    hashSet.add(aSN1ObjectIdentifier.getId());
                }
            }
            return hashSet;
        }

        private byte[] getExtensionBytes(String str) {
            Extension extension;
            DodgyExtensions extensions = this.c.getTBSCertificate().getExtensions();
            if (extensions == null || (extension = extensions.getExtension(new ASN1ObjectIdentifier(str))) == null) {
                return null;
            }
            return extension.getExtnValue().getOctets();
        }

        @Override // java.security.cert.X509Extension
        public byte[] getExtensionValue(String str) {
            Extension extension;
            DodgyExtensions extensions = this.c.getTBSCertificate().getExtensions();
            if (extensions == null || (extension = extensions.getExtension(new ASN1ObjectIdentifier(str))) == null) {
                return null;
            }
            try {
                return extension.getExtnValue().getEncoded();
            } catch (Exception e) {
                throw new IllegalStateException(new StringBuffer().append("error parsing ").append(e.toString()).toString());
            }
        }

        @Override // java.security.cert.X509Extension
        public Set getNonCriticalExtensionOIDs() {
            if (getVersion() != 3) {
                return null;
            }
            HashSet hashSet = new HashSet();
            DodgyExtensions extensions = this.c.getTBSCertificate().getExtensions();
            if (extensions == null) {
                return null;
            }
            Enumeration oids = extensions.oids();
            while (oids.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) oids.nextElement();
                if (!extensions.getExtension(aSN1ObjectIdentifier).isCritical()) {
                    hashSet.add(aSN1ObjectIdentifier.getId());
                }
            }
            return hashSet;
        }

        @Override // java.security.cert.X509Extension
        public boolean hasUnsupportedCriticalExtension() {
            DodgyExtensions extensions;
            if (getVersion() != 3 || (extensions = this.c.getTBSCertificate().getExtensions()) == null) {
                return false;
            }
            Enumeration oids = extensions.oids();
            while (oids.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) oids.nextElement();
                String id = aSN1ObjectIdentifier.getId();
                if (!id.equals(KEY_USAGE) && !id.equals(CERTIFICATE_POLICIES) && !id.equals(POLICY_MAPPINGS) && !id.equals(INHIBIT_ANY_POLICY) && !id.equals(CRL_DISTRIBUTION_POINTS) && !id.equals(ISSUING_DISTRIBUTION_POINT) && !id.equals(DELTA_CRL_INDICATOR) && !id.equals(POLICY_CONSTRAINTS) && !id.equals(BASIC_CONSTRAINTS) && !id.equals(SUBJECT_ALTERNATIVE_NAME) && !id.equals(NAME_CONSTRAINTS) && extensions.getExtension(aSN1ObjectIdentifier).isCritical()) {
                    return true;
                }
            }
            return false;
        }

        @Override // java.security.cert.Certificate
        public PublicKey getPublicKey() {
            try {
                return BouncyCastleProvider.getPublicKey(this.c.getSubjectPublicKeyInfo());
            } catch (IOException e) {
                return null;
            }
        }

        @Override // java.security.cert.Certificate
        public byte[] getEncoded() throws CertificateEncodingException {
            try {
                return this.c.getEncoded("DER");
            } catch (IOException e) {
                throw new CertificateEncodingException(e.toString());
            }
        }

        @Override // java.security.cert.Certificate
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Certificate)) {
                return false;
            }
            try {
                return Arrays.areEqual(getEncoded(), ((Certificate) obj).getEncoded());
            } catch (CertificateEncodingException e) {
                return false;
            }
        }

        @Override // java.security.cert.Certificate
        public synchronized int hashCode() {
            if (!this.hashValueSet) {
                this.hashValue = calculateHashCode();
                this.hashValueSet = true;
            }
            return this.hashValue;
        }

        private int calculateHashCode() {
            try {
                int i = 0;
                byte[] encoded = getEncoded();
                for (int i2 = 1; i2 < encoded.length; i2++) {
                    i += encoded[i2] * i2;
                }
                return i;
            } catch (CertificateEncodingException e) {
                return 0;
            }
        }

        @Override // java.security.cert.Certificate
        public String toString() {
            StringBuffer stringBuffer = new StringBuffer();
            String lineSeparator = Strings.lineSeparator();
            stringBuffer.append("  [0]         Version: ").append(getVersion()).append(lineSeparator);
            stringBuffer.append("         SerialNumber: ").append(getSerialNumber()).append(lineSeparator);
            stringBuffer.append("             IssuerDN: ").append(getIssuerDN()).append(lineSeparator);
            stringBuffer.append("           Start Date: ").append(getNotBefore()).append(lineSeparator);
            stringBuffer.append("           Final Date: ").append(getNotAfter()).append(lineSeparator);
            stringBuffer.append("            SubjectDN: ").append(getSubjectDN()).append(lineSeparator);
            stringBuffer.append("           Public Key: ").append(getPublicKey()).append(lineSeparator);
            stringBuffer.append("  Signature Algorithm: ").append(getSigAlgName()).append(lineSeparator);
            byte[] signature = getSignature();
            stringBuffer.append("            Signature: ").append(new String(Hex.encode(signature, 0, 20))).append(lineSeparator);
            for (int i = 20; i < signature.length; i += 20) {
                if (i < signature.length - 20) {
                    stringBuffer.append("                       ").append(new String(Hex.encode(signature, i, 20))).append(lineSeparator);
                } else {
                    stringBuffer.append("                       ").append(new String(Hex.encode(signature, i, signature.length - i))).append(lineSeparator);
                }
            }
            DodgyExtensions extensions = this.c.getTBSCertificate().getExtensions();
            if (extensions != null) {
                Enumeration oids = extensions.oids();
                if (oids.hasMoreElements()) {
                    stringBuffer.append("       Extensions: \n");
                }
                while (oids.hasMoreElements()) {
                    ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) oids.nextElement();
                    Extension extension = extensions.getExtension(aSN1ObjectIdentifier);
                    if (extension.getExtnValue() != null) {
                        ASN1InputStream aSN1InputStream = new ASN1InputStream(extension.getExtnValue().getOctets());
                        stringBuffer.append("                       critical(").append(extension.isCritical()).append(") ");
                        try {
                            if (aSN1ObjectIdentifier.equals(Extension.basicConstraints)) {
                                stringBuffer.append(BasicConstraints.getInstance(aSN1InputStream.readObject())).append(lineSeparator);
                            } else if (aSN1ObjectIdentifier.equals(Extension.keyUsage)) {
                                stringBuffer.append(KeyUsage.getInstance(aSN1InputStream.readObject())).append(lineSeparator);
                            } else if (aSN1ObjectIdentifier.equals(MiscObjectIdentifiers.netscapeCertType)) {
                                stringBuffer.append(new NetscapeCertType(aSN1InputStream.readObject())).append(lineSeparator);
                            } else if (aSN1ObjectIdentifier.equals(MiscObjectIdentifiers.netscapeRevocationURL)) {
                                stringBuffer.append(new NetscapeRevocationURL(aSN1InputStream.readObject())).append(lineSeparator);
                            } else if (aSN1ObjectIdentifier.equals(MiscObjectIdentifiers.verisignCzagExtension)) {
                                stringBuffer.append(new VerisignCzagExtension(aSN1InputStream.readObject())).append(lineSeparator);
                            } else {
                                stringBuffer.append(aSN1ObjectIdentifier.getId());
                                stringBuffer.append(" value = ").append(ASN1Dump.dumpAsString(aSN1InputStream.readObject())).append(lineSeparator);
                            }
                        } catch (Exception e) {
                            stringBuffer.append(aSN1ObjectIdentifier.getId());
                            stringBuffer.append(" value = ").append("*****").append(lineSeparator);
                        }
                    } else {
                        stringBuffer.append(lineSeparator);
                    }
                }
            }
            return stringBuffer.toString();
        }

        @Override // java.security.cert.Certificate
        public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            Signature signature;
            try {
                signature = Signature.getInstance("SHA256withRSA", "BC");
            } catch (Exception e) {
                signature = Signature.getInstance("SHA256withRSA");
            }
            checkSignature(publicKey, signature);
        }

        @Override // java.security.cert.Certificate
        public final void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            checkSignature(publicKey, str != null ? Signature.getInstance("SHA256withRSA", str) : Signature.getInstance("SHA256withRSA"));
        }

        @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
        public final void verify(PublicKey publicKey, Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
            checkSignature(publicKey, provider != null ? Signature.getInstance("SHA256withRSA", provider) : Signature.getInstance("SHA256withRSA"));
        }

        private void checkSignature(PublicKey publicKey, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
            if (!isAlgIdEqual(this.c.getSignatureAlgorithm(), this.c.getTBSCertificate().getSignature())) {
                throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
            }
            this.c.getSignatureAlgorithm().getParameters();
            signature.initVerify(publicKey);
            signature.update(getTBSCertificate());
            if (!signature.verify(getSignature())) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        }

        private boolean isAlgIdEqual(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) {
            if (algorithmIdentifier.getAlgorithm().equals(algorithmIdentifier2.getAlgorithm())) {
                return algorithmIdentifier.getParameters() == null ? algorithmIdentifier2.getParameters() == null || algorithmIdentifier2.getParameters().equals(DERNull.INSTANCE) : algorithmIdentifier2.getParameters() == null ? algorithmIdentifier.getParameters() == null || algorithmIdentifier.getParameters().equals(DERNull.INSTANCE) : algorithmIdentifier.getParameters().equals(algorithmIdentifier2.getParameters());
            }
            return false;
        }

        /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0045. Please report as an issue. */
        private static Collection getAlternativeNames(byte[] bArr) throws CertificateParsingException {
            if (bArr == null) {
                return null;
            }
            try {
                ArrayList arrayList = new ArrayList();
                Enumeration objects = ASN1Sequence.getInstance(bArr).getObjects();
                while (objects.hasMoreElements()) {
                    GeneralName generalName = GeneralName.getInstance(objects.nextElement());
                    ArrayList arrayList2 = new ArrayList();
                    arrayList2.add(Integers.valueOf(generalName.getTagNo()));
                    switch (generalName.getTagNo()) {
                        case 0:
                        case TlsTestConfig.CLIENT_AUTH_INVALID_VERIFY /* 3 */:
                        case 5:
                            arrayList2.add(generalName.getEncoded());
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        case 1:
                        case 2:
                        case 6:
                            arrayList2.add(generalName.getName().getString());
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        case 4:
                            arrayList2.add(X500Name.getInstance(RFC4519Style.INSTANCE, generalName.getName()).toString());
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        case 7:
                            try {
                                arrayList2.add(InetAddress.getByAddress(DEROctetString.getInstance(generalName.getName()).getOctets()).getHostAddress());
                                arrayList.add(Collections.unmodifiableList(arrayList2));
                            } catch (UnknownHostException e) {
                            }
                        case 8:
                            arrayList2.add(ASN1ObjectIdentifier.getInstance(generalName.getName()).getId());
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        default:
                            throw new IOException(new StringBuffer().append("Bad tag number: ").append(generalName.getTagNo()).toString());
                    }
                }
                if (arrayList.size() == 0) {
                    return null;
                }
                return Collections.unmodifiableCollection(arrayList);
            } catch (Exception e2) {
                throw new CertificateParsingException(e2.getMessage());
            }
        }
    }

    private void checkCircProcessing() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(circCA));
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(circCRLCA));
        X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(circCRL));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        arrayList.add(x509Certificate2);
        arrayList.add(x509crl);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList));
        Date date = new Date(x509crl.getThisUpdate().getTime() + 3600000);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(x509Certificate2);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(arrayList2);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, (CertSelector) null);
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(x509Certificate2);
        pKIXBuilderParameters.setTargetCertConstraints(x509CertSelector);
        pKIXBuilderParameters.addCertStore(certStore);
        pKIXBuilderParameters.setRevocationEnabled(true);
        pKIXBuilderParameters.setDate(date);
    }

    private void checkPolicyProcessingAtDomainMatch() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(getClass().getResourceAsStream("qvRooCa3.crt"));
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(getClass().getResourceAsStream("suvaRoot1.crt"));
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(getClass().getResourceAsStream("suvaEmail1.crt"));
        X509Certificate x509Certificate4 = (X509Certificate) certificateFactory.generateCertificate(getClass().getResourceAsStream("suvaEE.crt"));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate4);
        arrayList.add(x509Certificate3);
        arrayList.add(x509Certificate2);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.setRevocationEnabled(false);
        pKIXParameters.setDate(new Date(1470025175220L));
        CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
        pKIXParameters.addCertPathChecker(new MyChecker(null));
    }

    public void testEmptyPath() throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(new ArrayList());
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.addCertPathChecker(new MyChecker(null));
        try {
            certPathValidator.validate(generateCertPath, pKIXParameters);
        } catch (CertPathValidatorException e) {
            if ("Certification path is empty.".equals(e.getMessage())) {
                return;
            }
            fail("message mismatch");
        }
    }

    private void constraintTest() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(getClass().getResourceAsStream("CERT_CI_ECDSA_NIST.pem"));
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(getClass().getResourceAsStream("CERT_EUM_ECDSA_NIST.pem"));
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(getClass().getResourceAsStream("CERT_EUICC_ECDSA_NIST.pem"));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate2);
        arrayList.add(x509Certificate3);
        CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.setRevocationEnabled(false);
        certPathValidator.validate(generateCertPath, pKIXParameters);
    }

    private void testNoKeyUsageCRLSigner() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(crlRoot));
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(crlSecretary));
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(crlVictim));
        X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(crlFake));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate2);
        arrayList.add(x509Certificate3);
        arrayList.add(x509crl);
        System.setProperty("org.bouncycastle.x509.allow_ca_without_crl_sign", "false");
        CertPath generateCertPath = certificateFactory.generateCertPath(Collections.singletonList(x509Certificate3));
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        Date date = new Date(x509crl.getThisUpdate().getTime() + 3600000);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        new X509CertSelector().setSubject(x509Certificate3.getSubjectX500Principal().getEncoded());
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setDate(date);
        try {
            fail("path should have failed");
        } catch (CertPathValidatorException e) {
            isTrue("No CRLs found for issuer \"o=Certs 'r Us,c=XX\"".equals(e.getMessage()));
        }
        System.setProperty("org.bouncycastle.x509.allow_ca_without_crl_sign", "true");
    }

    @Override // org.bouncycastle.util.test.SimpleTest
    public void performTest() throws Exception {
        constraintTest();
        testNoKeyUsageCRLSigner();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(CertPathTest.finalCertBin));
        X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(CertPathTest.rootCrlBin));
        X509CRL x509crl2 = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(CertPathTest.interCrlBin));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        arrayList.add(x509Certificate2);
        arrayList.add(x509Certificate3);
        arrayList.add(x509crl);
        arrayList.add(x509crl2);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        Date date = new Date(x509crl.getThisUpdate().getTime() + 3600000);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(x509Certificate3);
        arrayList2.add(x509Certificate2);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(arrayList2);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setDate(date);
        MyChecker myChecker = new MyChecker(null);
        pKIXParameters.addCertPathChecker(myChecker);
        System.setProperty("org.bouncycastle.x509.allow_ca_without_crl_sign", "true");
        PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(generateCertPath, pKIXParameters);
        pKIXCertPathValidatorResult.getPolicyTree();
        PublicKey publicKey = pKIXCertPathValidatorResult.getPublicKey();
        if (myChecker.getCount() != 2) {
            fail("checker not evaluated for each certificate");
        }
        if (!publicKey.equals(x509Certificate3.getPublicKey())) {
            fail("wrong public key returned");
        }
        isTrue(pKIXCertPathValidatorResult.getTrustAnchor().getTrustedCert().equals(x509Certificate));
        arrayList2.clear();
        arrayList2.add(x509Certificate3);
        arrayList2.add(x509Certificate2);
        arrayList2.add(x509Certificate);
        CertPath generateCertPath2 = CertificateFactory.getInstance("X.509", "BC").generateCertPath(arrayList2);
        CertPathValidator certPathValidator2 = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters2 = new PKIXParameters(hashSet);
        pKIXParameters2.addCertStore(certStore);
        pKIXParameters2.setDate(date);
        PKIXCertPathValidatorResult pKIXCertPathValidatorResult2 = (PKIXCertPathValidatorResult) certPathValidator2.validate(generateCertPath2, pKIXParameters2);
        System.setProperty("org.bouncycastle.x509.allow_ca_without_crl_sign", "false");
        isTrue(pKIXCertPathValidatorResult2.getTrustAnchor().getTrustedCert().equals(x509Certificate));
        try {
            X509Certificate x509Certificate4 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(this.AC_RAIZ_ICPBRASIL));
            X509Certificate x509Certificate5 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(this.AC_PR));
            X509Certificate x509Certificate6 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(this.schefer));
            ArrayList arrayList3 = new ArrayList();
            arrayList3.add(x509Certificate4);
            arrayList3.add(x509Certificate5);
            arrayList3.add(x509Certificate6);
            CertStore certStore2 = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList3));
            Date date2 = new Date(x509Certificate6.getNotBefore().getTime() + 3600000);
            ArrayList arrayList4 = new ArrayList();
            arrayList4.add(x509Certificate6);
            arrayList4.add(x509Certificate5);
            CertPath generateCertPath3 = CertificateFactory.getInstance("X.509", "BC").generateCertPath(arrayList4);
            HashSet hashSet2 = new HashSet();
            hashSet2.add(new TrustAnchor(x509Certificate4, null));
            CertPathValidator certPathValidator3 = CertPathValidator.getInstance("PKIX", "BC");
            PKIXParameters pKIXParameters3 = new PKIXParameters(hashSet2);
            pKIXParameters3.addCertStore(certStore2);
            pKIXParameters3.setRevocationEnabled(false);
            pKIXParameters3.setDate(date2);
            PKIXCertPathValidatorResult pKIXCertPathValidatorResult3 = (PKIXCertPathValidatorResult) certPathValidator3.validate(generateCertPath3, pKIXParameters3);
            pKIXCertPathValidatorResult3.getPolicyTree();
            pKIXCertPathValidatorResult3.getPublicKey();
            fail("Invalid path validated");
        } catch (Exception e) {
            if (!(e instanceof CertPathValidatorException) || !e.getMessage().startsWith("Could not validate certificate signature.")) {
                fail("unexpected exception", e);
            }
        }
        System.setProperty("org.bouncycastle.x509.allow_ca_without_crl_sign", "true");
        checkCircProcessing();
        checkPolicyProcessingAtDomainMatch();
        validateWithExtendedKeyUsage();
        testEmptyPath();
        checkInvalidCertPath();
    }

    private void validateWithExtendedKeyUsage() throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(extTrust));
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(extCA));
        X509Certificate x509Certificate3 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(extEE));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        arrayList.add(x509Certificate2);
        arrayList.add(x509Certificate3);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        Date date = new Date(x509Certificate.getNotBefore().getTime() + 3600000);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(x509Certificate3);
        arrayList2.add(x509Certificate2);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(arrayList2);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setDate(date);
        pKIXParameters.setRevocationEnabled(false);
    }

    private void checkInvalidCertPath() throws Exception {
        checkInvalidPath(extInvTrust, extInvCA, extInvEE, "version 1 certificate contains extra data");
        checkInvalidPath(extInvV2Trust, extInvV2CA, extInvV2EE, "version 2 certificate cannot contain extensions");
        checkInvalidPath(extInvVersionTrust, extInvVersionCA, extInvVersionEE, "version number not recognised");
        checkInvalidPath(extInvExtTrust, extInvExtCA, extInvExtEE, "repeated extension found: 2.5.29.15");
    }

    private void checkInvalidPath(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) throws Exception {
        X509CertificateObject x509CertificateObject = new X509CertificateObject(new DodgyCertificate(this, bArr));
        X509CertificateObject x509CertificateObject2 = new X509CertificateObject(new DodgyCertificate(this, bArr2));
        X509CertificateObject x509CertificateObject3 = new X509CertificateObject(new DodgyCertificate(this, bArr3));
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509CertificateObject);
        arrayList.add(x509CertificateObject2);
        arrayList.add(x509CertificateObject3);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
        Date date = new Date(x509CertificateObject.getNotBefore().getTime() + 60000);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(x509CertificateObject3);
        arrayList2.add(x509CertificateObject2);
        CertPath generateCertPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(arrayList2);
        HashSet hashSet = new HashSet();
        hashSet.add(new TrustAnchor(x509CertificateObject, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setDate(date);
        pKIXParameters.setRevocationEnabled(false);
        try {
            fail("valid path passed");
        } catch (CertPathValidatorException e) {
            isTrue(e.getMessage().equals(str));
        }
        try {
            CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(bArr3));
        } catch (CertificateException e2) {
            isTrue(e2.getMessage().equals(new StringBuffer().append("parsing issue: ").append(str).toString()));
        }
    }

    @Override // org.bouncycastle.util.test.SimpleTest, org.bouncycastle.util.test.Test
    public String getName() {
        return "CertPathValidator";
    }

    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        runTest(new CertPathValidatorTest());
    }
}
