package ksign.jce.provider.validate;

import com.dream.magic.fido.uaf.auth.crypto.CryptoConst;
import com.ksign.KCaseLogging;
import com.ksign.asn1.ASN1ObjectIdentifier;
import com.ksign.asn1.x509.KeyPurposeId;
import com.ksign.asn1.x509.X509Extension;
import com.ksign.util.Arrays;
import com.secureland.smartmedic.SmartMedicUpdater;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import ksign.jce.crypto.ldap.LDAPUtil;
import ksign.jce.provider.x509.X509CRLEntryObject;
import ksign.jce.provider.x509.X509CRLObject;
import ksign.jce.provider.x509.X509CertificateObject;
import ksign.jce.util.HexPrint;
import ksign.jce.util.JCEUtil;
import org.apache.http.HttpHost;

/* loaded from: classes2.dex */
public class ValidateCert {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String ANY_POLICY = "2.5.29.32.0";
    public static final int KCE_ALLUSAGE_CERT = 4;
    public static final int KCE_KM_CERT = 1;
    public static final int KCE_SN_CERT = 2;
    public static final int KCE_TSA_CERT = 3;
    public static final int KCV_CHECK_FULL_CRL = 0;
    public static final int KCV_CHECK_USER_CRL_ONLY = 1;
    private static final int MAX_CA_PATH_LEN = 1000;
    private static final int MAX_CERT_NO = 30;
    private static final int MAX_DIRCONTEXT_NO = 10;
    private static File cacheDir;
    protected String Cert3280DN;
    private String Ksigngpki_Cert_path;
    private String Ksigngpki_ConfFile_path;
    private String Ksigngpki_LicenFile_path;
    private String Ksigngpki_ServerCert_path;
    private String Ksigngpki_ServerKey_path;
    private String Ksigngpki_TrustCert_path;
    private X509CertificateObject RootxObject;
    private String baseDir;
    private Hashtable convertUrl;
    private Vector excludedSubtreesDN;
    private Vector excludedSubtreesdNSName;
    private Vector excludedSubtreesrfc822Name;
    private int explicitPolicy;
    private int inhibitAnyPolicy;
    private boolean initialAnyPolicyInhibit;
    private boolean initialExplicitPolicy;
    private boolean initialPolicyMappingInhibit;
    private boolean isLocalSaveCRL;
    private Vector m_acceptablePolicySet;
    private boolean m_bAcceptablePolicySet_any;
    private boolean m_bInitialPolicySet_any;
    private boolean m_bPathValidationOp;
    private DirContext[] m_dircontexts;
    private Vector m_initialPolicySet;
    private int m_nCAPathLen;
    private int m_nCrlCheckOption;
    private int m_nExplicitPolicy;
    private int m_nPolicyMapping;
    private int m_nValidateNo;
    private int maxPathLenght;
    private int n;
    private String password;
    private Vector permittedSubtreesDN;
    private Vector permittedSubtreesdNSName;
    private Vector permittedSubtreesrfc822Name;
    private int policyMapping;
    private Date presentTime;
    private String strldapUrl;
    private String userLdapDN;

    public ValidateCert() {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        try {
            jbInit();
        } catch (Exception e) {
            KCaseLogging.print(e);
        }
    }

    public ValidateCert(String str) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.baseDir = str;
    }

    public ValidateCert(String str, Hashtable hashtable) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.baseDir = str;
        if (hashtable != null) {
            this.convertUrl = hashtable;
        }
    }

    public ValidateCert(String str, boolean z, String str2) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        setInitialPolicy(str, z);
        this.baseDir = str2;
    }

    public ValidateCert(String str, boolean z, boolean z2, int i, String str2) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.m_bPathValidationOp = z2;
        this.m_nCrlCheckOption = i;
        setInitialPolicy(str, z);
        this.baseDir = str2;
    }

    public ValidateCert(Hashtable hashtable) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        if (hashtable != null) {
            this.convertUrl = hashtable;
        }
    }

    public ValidateCert(boolean z, int i, String str) {
        this.Ksigngpki_Cert_path = null;
        this.Ksigngpki_ServerCert_path = null;
        this.Ksigngpki_ServerKey_path = null;
        this.Ksigngpki_ConfFile_path = null;
        this.Ksigngpki_LicenFile_path = null;
        this.Ksigngpki_TrustCert_path = null;
        this.m_bPathValidationOp = true;
        this.m_nCrlCheckOption = 0;
        this.m_bInitialPolicySet_any = true;
        this.m_initialPolicySet = null;
        this.isLocalSaveCRL = true;
        this.userLdapDN = null;
        this.password = null;
        this.m_nExplicitPolicy = 0;
        this.m_nPolicyMapping = 0;
        this.m_nCAPathLen = 0;
        this.m_nValidateNo = 0;
        this.m_bAcceptablePolicySet_any = true;
        this.m_acceptablePolicySet = null;
        this.m_dircontexts = new DirContext[10];
        this.baseDir = null;
        this.Cert3280DN = "AccreditedCA";
        this.RootxObject = null;
        this.n = 0;
        this.presentTime = null;
        this.initialPolicyMappingInhibit = false;
        this.initialExplicitPolicy = true;
        this.initialAnyPolicyInhibit = false;
        this.permittedSubtreesDN = null;
        this.permittedSubtreesrfc822Name = null;
        this.permittedSubtreesdNSName = null;
        this.excludedSubtreesDN = null;
        this.excludedSubtreesrfc822Name = null;
        this.excludedSubtreesdNSName = null;
        this.convertUrl = null;
        this.m_bPathValidationOp = z;
        this.m_nCrlCheckOption = i;
        this.baseDir = str;
    }

    private boolean checkCertIssuedbyIssuer(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) throws ValidateException {
        String[] authorityKeyId = x509CertificateObject.getAuthorityKeyId();
        String subjectKeyId = x509CertificateObject2.getSubjectKeyId();
        if (authorityKeyId[0] == null || subjectKeyId == null) {
            JCEUtil.setErrorcode("20007");
            throw new ValidateException("(KSign) Cert AKI's input value is null");
        }
        if (authorityKeyId[0].equalsIgnoreCase(subjectKeyId)) {
            return true;
        }
        JCEUtil.setErrorcode("300018");
        throw new ValidateException("(KSign) Cert AKI's KeyIdentifier value wrong");
    }

    private boolean checkCertificatePolicies3280(X509CertificateObject x509CertificateObject) {
        if (x509CertificateObject == null) {
            return false;
        }
        String[] policy = x509CertificateObject.getPolicy();
        for (String str : policy) {
            KCaseLogging.println("�뜝�떕�슱�삕 �뜝�룞�삕�뜝�룞�삕 policy : " + str);
        }
        return assureCertPoliciesInPolicySet(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any) && intersectionAPSwithCP(this.m_acceptablePolicySet, this.m_bAcceptablePolicySet_any, policy, false);
    }

    private void checkExcludedDN(Vector vector, String str) throws ValidateException {
        if (!vector.isEmpty() && withinDNSubtree(str, vector)) {
            JCEUtil.setErrorcode("50021");
            throw new ValidateException("(KSign) 3280 Cert's Subject directory name is not from an excluded subtree");
        }
    }

    private void checkExcludeddNSName(Vector vector, String str) throws ValidateException {
        if (vector.isEmpty()) {
            return;
        }
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                JCEUtil.setErrorcode("50021");
                throw new ValidateException("(KSign) 3280 Cert's Subject dNSname is from an excluded subtree");
            }
        }
    }

    private void checkExcludedrfc822Name(Vector vector, String str) throws ValidateException {
        if (vector.isEmpty()) {
            return;
        }
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                JCEUtil.setErrorcode("50021");
                throw new ValidateException("(KSign) 3280 Cert's Subject rfc822Name address is from an excluded subtree");
            }
        }
    }

    private void checkPermittedDN(Vector vector, String str) throws ValidateException {
        if (vector.isEmpty() || withinDNSubtree(str, vector)) {
            return;
        }
        JCEUtil.setErrorcode("50020");
        throw new ValidateException("(KSign) 3280 Cert's Subject directory name is not from a permitted subtree");
    }

    private void checkPermitteddNSName(Vector vector, String str) throws ValidateException {
        if (vector.isEmpty()) {
            return;
        }
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                return;
            }
        }
        JCEUtil.setErrorcode("50020");
        throw new ValidateException("(KSign) 3280 Cert's Subject dNSname is not from a permitted subtree");
    }

    private void checkPermittedrfc822Name(Vector vector, String str) throws ValidateException {
        if (vector.isEmpty()) {
            return;
        }
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).toLowerCase().endsWith(substring)) {
                return;
            }
        }
        JCEUtil.setErrorcode("50020");
        throw new ValidateException("(KSign) 3280 Cert's Subject rfc822Name address is not from a permitted subtree");
    }

    private boolean checkValidateIssuerCrl(String[] strArr, String[] strArr2) throws ValidateException {
        return (strArr2 == null || strArr[0] == null || strArr[1] == null || strArr[2] == null || strArr2[0] == null || strArr2[1] == null || strArr2[2] == null || !strArr[0].equalsIgnoreCase(strArr2[0]) || !strArr[1].equalsIgnoreCase(strArr2[1]) || !strArr[2].equalsIgnoreCase(strArr2[2])) ? false : true;
    }

    private Vector constructCertificatChain_2459(X509CertificateObject x509CertificateObject, boolean z) throws Exception {
        if (!z) {
            return (Vector) setCertListFromLdap3(x509CertificateObject, true);
        }
        KCaseLogging.println("<<KSign>> 2459 Cert");
        Vector vector = (Vector) setCertListFromLdap3(x509CertificateObject, false);
        if (vector == null) {
            JCEUtil.setErrorcode("50047");
            throw new ValidateException("(KSign) setCertListFromLdap3's certificate path build error");
        }
        int size = vector.size();
        this.m_nValidateNo = size;
        this.m_nCAPathLen = 1000;
        this.m_nExplicitPolicy = size + 1;
        this.m_nPolicyMapping = size + 1;
        this.m_bAcceptablePolicySet_any = false;
        return vector;
    }

    private Vector constructCertificatChain_3280(X509CertificateObject x509CertificateObject, boolean z) throws Exception {
        KCaseLogging.println("<<KSign>> 3280 Cert");
        Vector vector = (Vector) setCertListFromLdap3280(x509CertificateObject, false);
        if (vector == null) {
            JCEUtil.setErrorcode("50047");
            throw new ValidateException("(KSign) setCertListFromLdap3's certificate path build error");
        }
        int size = vector.size();
        this.m_nValidateNo = size;
        this.m_nCAPathLen = 1000;
        this.m_nExplicitPolicy = size + 1;
        this.m_nPolicyMapping = size + 1;
        this.m_bAcceptablePolicySet_any = false;
        return vector;
    }

    private int copyStream(InputStream inputStream, OutputStream outputStream, int i) throws IOException {
        byte[] bArr = new byte[1000];
        int i2 = 0;
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return i2;
            }
            outputStream.write(bArr, 0, read);
            i2 += read;
        }
    }

    private int copyURLToFile(URLConnection uRLConnection, File file) throws IOException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(uRLConnection.getInputStream());
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(file));
            try {
                return copyStream(bufferedInputStream, bufferedOutputStream, uRLConnection.getContentLength());
            } finally {
                bufferedOutputStream.close();
            }
        } finally {
            bufferedInputStream.close();
        }
    }

    private void createCacheDir() throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(System.getProperty("user.home"));
        stringBuffer.append(File.separator);
        stringBuffer.append(".kcaseApplet");
        stringBuffer.append(File.separator);
        stringBuffer.append("cache");
        File file = new File(stringBuffer.toString());
        if (KCaseLogging.isKsignDebug) {
            System.err.println("cacheBaseDir = " + file.getAbsolutePath());
        }
        cacheDir = new File(file, "CRL");
        if (KCaseLogging.isKsignDebug) {
            System.err.println("cacheDir = " + cacheDir.getAbsolutePath());
        }
        if (cacheDir.isDirectory() || cacheDir.mkdirs()) {
            return;
        }
        throw new IOException("Cannot create directory " + cacheDir);
    }

    private Vector intersectDN(Vector vector, String str) {
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(str.toLowerCase())) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private Vector intersectdNSName(Vector vector, String str) {
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(substring)) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private Vector intersectrfc822Name(Vector vector, String str) {
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        if (vector.isEmpty()) {
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2.toLowerCase().endsWith(substring)) {
                vector2.add(str2.toLowerCase());
            }
        }
        return vector2;
    }

    private boolean isCertIssuedbyIssuer2459(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        String name = x509CertificateObject2.getSubjectDN().getName();
        String name2 = x509CertificateObject.getIssuerDN().getName();
        KCaseLogging.println(">> DEBUG << ValidateCert.isCertIssuedbyIssuer() : " + x509CertificateObject.getSubjectDN().getName());
        if (!name.equals(name2)) {
            KCaseLogging.println("ValidateCert.isCertIssuedbyIssuer() : Issuer's subject's DN is different from user's issuerDN \nuser(" + x509CertificateObject.getSubjectDN().getName() + "," + x509CertificateObject.getIssuerDN().getName() + ")issuer(" + x509CertificateObject2.getSubjectDN().getName());
            return false;
        }
        if (Arrays.areEqual(x509CertificateObject.getAuthorityKeyIdentifier(), x509CertificateObject2.getSubjectKeyIdentifier())) {
            return true;
        }
        KCaseLogging.println("ValidateCert.isCertIssuedbyIssuer() : Issuer's SubjectKeyIdentifier is different from user's AuthorityKeyIdentifier \nuser(" + x509CertificateObject.getSubjectDN().getName() + ") : AKI :" + HexPrint.byteArrayToHexString(x509CertificateObject.getAuthorityKeyIdentifier()) + "\nissuer(" + x509CertificateObject2.getSubjectDN().getName() + ") : SKI :" + HexPrint.byteArrayToHexString(x509CertificateObject2.getSubjectKeyIdentifier()));
        return false;
    }

    private boolean isCertIssuedbyIssuerCert(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        boolean equals = x509CertificateObject.getIssuerDN().getName().equals(x509CertificateObject2.getSubjectDN().getName());
        if (!Arrays.areEqual(x509CertificateObject.getAuthorityKeyIdentifier(), x509CertificateObject2.getSubjectKeyIdentifier())) {
            KCaseLogging.println(">>DEBUG<< ValidateCert.isCertIssuedbyIssuer() : Issuer's SubjectKeyIdentifier is different from user's AuthorityKeyIdentifier \nuser(" + x509CertificateObject.getSubjectDN().getName() + ") : AKI :" + HexPrint.byteArrayToHexString(x509CertificateObject.getAuthorityKeyIdentifier()) + "\nissuer(" + x509CertificateObject2.getSubjectDN().getName() + ") : SKI :" + HexPrint.byteArrayToHexString(x509CertificateObject2.getSubjectKeyIdentifier()));
        }
        return equals;
    }

    private void jbInit() throws Exception {
    }

    private String removeDNQuotation(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        int indexOf = str.indexOf("\"");
        do {
            if (str.indexOf("\"") != -1) {
                stringBuffer.deleteCharAt(indexOf);
                str = str.substring(str.indexOf("\"") + 1, str.length());
            }
            indexOf += str.indexOf("\"");
        } while (str.indexOf("\"") != -1);
        return stringBuffer.toString();
    }

    private String removeDNQuotation2(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        int indexOf = str.indexOf("\\");
        do {
            if (str.indexOf("\\") != -1) {
                stringBuffer.deleteCharAt(indexOf);
                str = str.substring(str.indexOf("\\") + 1, str.length());
            }
            indexOf += str.indexOf("\\");
        } while (str.indexOf("\\") != -1);
        return stringBuffer.toString();
    }

    private X509CertificateObject searchCert(String str, X509CertificateObject[] x509CertificateObjectArr) {
        for (int i = 0; i < x509CertificateObjectArr.length; i++) {
            if (str.equals(x509CertificateObjectArr[i].getSubjectDN().getName())) {
                return x509CertificateObjectArr[i];
            }
        }
        return null;
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x002a, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.Object setCertListFromLdap3(ksign.jce.provider.x509.X509CertificateObject r18, boolean r19) throws ksign.jce.provider.validate.ValidateException {
        /*
            Method dump skipped, instructions count: 634
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.validate.ValidateCert.setCertListFromLdap3(ksign.jce.provider.x509.X509CertificateObject, boolean):java.lang.Object");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Object setCertListFromLdap3280(X509CertificateObject x509CertificateObject, boolean z) throws ValidateException {
        Vector vector = new Vector();
        KCaseLogging.println("<<KSign>> setCertListFromLdap3280 Start");
        try {
            if (x509CertificateObject == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setCertListFromLdap3280's input cert value is null");
            }
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            int i = 0;
            while (!name.equals(name2) && (!z || i != 1)) {
                X509Certificate obtainHigherCert = obtainHigherCert(x509CertificateObject);
                if (!checkCertIssuedbyIssuer(x509CertificateObject, (X509CertificateObject) obtainHigherCert)) {
                    throw new ValidateException("(KSign) setCertListFromLdap3280's Certificate and CA Certificate is different!!");
                }
                KCaseLogging.println("<<KSign>> �뜝�떆諛붾챿�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�뜝�뙥源띿삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 OK");
                vector.addElement(obtainHigherCert);
                String name3 = obtainHigherCert.getIssuerDN().getName();
                name2 = obtainHigherCert.getSubjectDN().getName();
                KCaseLogging.println("issuercert : issuerDN : " + name3 + ",\n subjectDN : " + name2);
                i++;
                name = name3;
                x509CertificateObject = obtainHigherCert;
            }
            return vector;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("50047");
            }
            throw new ValidateException("(KSign) ValidateCert : setCertListFromLdap3280's process Error    " + e.toString());
        }
    }

    private boolean setInit3280() {
        this.n = this.m_nValidateNo + 1;
        this.presentTime = new Date();
        this.permittedSubtreesDN = new Vector();
        this.permittedSubtreesrfc822Name = new Vector();
        this.permittedSubtreesdNSName = new Vector();
        this.excludedSubtreesDN = new Vector();
        this.excludedSubtreesrfc822Name = new Vector();
        this.excludedSubtreesdNSName = new Vector();
        if (this.initialExplicitPolicy) {
            this.explicitPolicy = 0;
        } else {
            this.explicitPolicy = this.n + 1;
        }
        if (this.initialAnyPolicyInhibit) {
            this.inhibitAnyPolicy = 0;
        } else {
            this.inhibitAnyPolicy = this.n + 1;
        }
        if (this.initialPolicyMappingInhibit) {
            this.policyMapping = 0;
        } else {
            this.policyMapping = this.n + 1;
        }
        this.maxPathLenght = this.n;
        return true;
    }

    private Vector unionDN(Vector vector, String str) {
        if (vector.isEmpty()) {
            vector.add(str.toLowerCase());
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(str.toLowerCase());
        return vector2;
    }

    private Vector uniondNSName(Vector vector, String str) {
        String substring = (str.startsWith("WWW") || str.startsWith("www")) ? str.toLowerCase().substring(3) : str.toLowerCase();
        if (vector.isEmpty()) {
            vector.add(substring);
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(substring);
        return vector2;
    }

    private Vector unionrfc822Name(Vector vector, String str) {
        String substring = str.toLowerCase().substring(str.indexOf(64) + 1);
        if (vector.isEmpty()) {
            vector.add(substring);
            return vector;
        }
        Vector vector2 = new Vector();
        Iterator it = vector.iterator();
        while (it.hasNext()) {
            vector2.add(((String) it.next()).toLowerCase());
        }
        vector2.add(substring);
        return vector2;
    }

    private boolean validateCertificateChain_2459(X509CertificateObject x509CertificateObject, Vector vector, boolean z, int i, boolean z2) throws Exception {
        if (z) {
            if (!verifyCertificate2459((X509CertificateObject) vector.lastElement(), (X509CertificateObject) vector.lastElement(), i, 1)) {
                throw new ValidateException("(KSign) validateCertificateFromLDAP's Root CA certificate path verify error");
            }
            for (int size = vector.size() - 1; size > 0; size--) {
                if (!verifyCertificate2459((X509CertificateObject) vector.get(size - 1), (X509CertificateObject) vector.get(size), i, (vector.size() - size) + 1)) {
                    throw new ValidateException("(KSign) validateCertificateFromLDAP's CA certificate path verify error");
                }
            }
        }
        if (z2 && !verifyCertificate2459(x509CertificateObject, (X509CertificateObject) vector.firstElement(), i, vector.size() + 1)) {
            throw new ValidateException("(KSign) validateCertificateFromLDAP's User certificate path verify error");
        }
        closeDirContexts();
        return true;
    }

    private boolean validateCertificateChain_3280(X509CertificateObject x509CertificateObject, Vector vector, boolean z, int i, boolean z2) throws Exception {
        if (!setInit3280()) {
            JCEUtil.setErrorcode("300027");
            throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 Cert's initial value setting Error !!!!!");
        }
        if (z) {
            if (!verifyCertificate3280((X509CertificateObject) vector.lastElement(), (X509CertificateObject) vector.lastElement(), i, 1)) {
                throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 Root CA certificate path verify error");
            }
            for (int size = vector.size() - 1; size > 0; size--) {
                X509CertificateObject x509CertificateObject2 = (X509CertificateObject) vector.get(size - 1);
                X509CertificateObject x509CertificateObject3 = (X509CertificateObject) vector.get(size);
                KCaseLogging.println("issuerCertList [" + size + "] : " + x509CertificateObject2.getSubjectDN() + "," + x509CertificateObject3.getSubjectDN());
                if (!verifyCertificate3280(x509CertificateObject2, x509CertificateObject3, i, (vector.size() - size) + 1)) {
                    throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 CA certificate path verify error");
                }
            }
        }
        if (z2 && !verifyCertificate3280(x509CertificateObject, (X509CertificateObject) vector.firstElement(), i, vector.size() + 1)) {
            throw new ValidateException("(KSign) validateCertificateFromLDAP's 3280 User certificate path verify error");
        }
        closeDirContexts();
        return true;
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x0067, code lost:
    
        if (r0 == false) goto L15;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0069, code lost:
    
        return true;
     */
    /* JADX WARN: Removed duplicated region for block: B:123:0x02c6 A[Catch: Exception -> 0x02d7, TryCatch #0 {Exception -> 0x02d7, blocks: (B:2:0x0000, B:5:0x0049, B:9:0x0058, B:10:0x0064, B:15:0x006a, B:21:0x00b9, B:25:0x014b, B:27:0x014f, B:28:0x0158, B:32:0x0165, B:35:0x016c, B:36:0x0174, B:37:0x0187, B:39:0x018b, B:42:0x0192, B:43:0x019e, B:44:0x019f, B:46:0x01a5, B:48:0x01ad, B:50:0x01b3, B:52:0x01b7, B:54:0x01bd, B:56:0x01c5, B:57:0x01c8, B:58:0x01d4, B:59:0x01d5, B:61:0x01d9, B:62:0x01dc, B:64:0x01e2, B:66:0x01e8, B:68:0x01f0, B:69:0x01f3, B:70:0x01ff, B:72:0x0202, B:74:0x0208, B:77:0x020e, B:78:0x021a, B:79:0x021b, B:81:0x0221, B:83:0x0229, B:84:0x022b, B:86:0x0233, B:88:0x023a, B:89:0x023d, B:90:0x0249, B:91:0x024a, B:93:0x0250, B:95:0x0258, B:96:0x025a, B:98:0x0265, B:99:0x0299, B:101:0x02a1, B:103:0x02a7, B:105:0x02af, B:108:0x02b6, B:109:0x02c2, B:112:0x0268, B:113:0x0274, B:114:0x0275, B:115:0x0281, B:118:0x0285, B:121:0x028c, B:122:0x0298, B:123:0x02c6, B:124:0x02d2, B:126:0x0177, B:129:0x017e, B:130:0x0186, B:131:0x00c1, B:133:0x00c5, B:135:0x0136, B:137:0x013a, B:141:0x0149, B:144:0x00cc, B:146:0x00d0, B:149:0x00de, B:150:0x00eb, B:152:0x00f4, B:154:0x0103, B:156:0x0107, B:159:0x0129, B:160:0x0130, B:161:0x0131, B:163:0x0076, B:165:0x0080, B:168:0x0094, B:171:0x00ac, B:172:0x00b8, B:174:0x00a7, B:178:0x0090), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:125:0x0175  */
    /* JADX WARN: Removed duplicated region for block: B:133:0x00c5 A[Catch: Exception -> 0x02d7, TryCatch #0 {Exception -> 0x02d7, blocks: (B:2:0x0000, B:5:0x0049, B:9:0x0058, B:10:0x0064, B:15:0x006a, B:21:0x00b9, B:25:0x014b, B:27:0x014f, B:28:0x0158, B:32:0x0165, B:35:0x016c, B:36:0x0174, B:37:0x0187, B:39:0x018b, B:42:0x0192, B:43:0x019e, B:44:0x019f, B:46:0x01a5, B:48:0x01ad, B:50:0x01b3, B:52:0x01b7, B:54:0x01bd, B:56:0x01c5, B:57:0x01c8, B:58:0x01d4, B:59:0x01d5, B:61:0x01d9, B:62:0x01dc, B:64:0x01e2, B:66:0x01e8, B:68:0x01f0, B:69:0x01f3, B:70:0x01ff, B:72:0x0202, B:74:0x0208, B:77:0x020e, B:78:0x021a, B:79:0x021b, B:81:0x0221, B:83:0x0229, B:84:0x022b, B:86:0x0233, B:88:0x023a, B:89:0x023d, B:90:0x0249, B:91:0x024a, B:93:0x0250, B:95:0x0258, B:96:0x025a, B:98:0x0265, B:99:0x0299, B:101:0x02a1, B:103:0x02a7, B:105:0x02af, B:108:0x02b6, B:109:0x02c2, B:112:0x0268, B:113:0x0274, B:114:0x0275, B:115:0x0281, B:118:0x0285, B:121:0x028c, B:122:0x0298, B:123:0x02c6, B:124:0x02d2, B:126:0x0177, B:129:0x017e, B:130:0x0186, B:131:0x00c1, B:133:0x00c5, B:135:0x0136, B:137:0x013a, B:141:0x0149, B:144:0x00cc, B:146:0x00d0, B:149:0x00de, B:150:0x00eb, B:152:0x00f4, B:154:0x0103, B:156:0x0107, B:159:0x0129, B:160:0x0130, B:161:0x0131, B:163:0x0076, B:165:0x0080, B:168:0x0094, B:171:0x00ac, B:172:0x00b8, B:174:0x00a7, B:178:0x0090), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:137:0x013a A[Catch: Exception -> 0x02d7, TryCatch #0 {Exception -> 0x02d7, blocks: (B:2:0x0000, B:5:0x0049, B:9:0x0058, B:10:0x0064, B:15:0x006a, B:21:0x00b9, B:25:0x014b, B:27:0x014f, B:28:0x0158, B:32:0x0165, B:35:0x016c, B:36:0x0174, B:37:0x0187, B:39:0x018b, B:42:0x0192, B:43:0x019e, B:44:0x019f, B:46:0x01a5, B:48:0x01ad, B:50:0x01b3, B:52:0x01b7, B:54:0x01bd, B:56:0x01c5, B:57:0x01c8, B:58:0x01d4, B:59:0x01d5, B:61:0x01d9, B:62:0x01dc, B:64:0x01e2, B:66:0x01e8, B:68:0x01f0, B:69:0x01f3, B:70:0x01ff, B:72:0x0202, B:74:0x0208, B:77:0x020e, B:78:0x021a, B:79:0x021b, B:81:0x0221, B:83:0x0229, B:84:0x022b, B:86:0x0233, B:88:0x023a, B:89:0x023d, B:90:0x0249, B:91:0x024a, B:93:0x0250, B:95:0x0258, B:96:0x025a, B:98:0x0265, B:99:0x0299, B:101:0x02a1, B:103:0x02a7, B:105:0x02af, B:108:0x02b6, B:109:0x02c2, B:112:0x0268, B:113:0x0274, B:114:0x0275, B:115:0x0281, B:118:0x0285, B:121:0x028c, B:122:0x0298, B:123:0x02c6, B:124:0x02d2, B:126:0x0177, B:129:0x017e, B:130:0x0186, B:131:0x00c1, B:133:0x00c5, B:135:0x0136, B:137:0x013a, B:141:0x0149, B:144:0x00cc, B:146:0x00d0, B:149:0x00de, B:150:0x00eb, B:152:0x00f4, B:154:0x0103, B:156:0x0107, B:159:0x0129, B:160:0x0130, B:161:0x0131, B:163:0x0076, B:165:0x0080, B:168:0x0094, B:171:0x00ac, B:172:0x00b8, B:174:0x00a7, B:178:0x0090), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:142:0x0139 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:144:0x00cc A[Catch: Exception -> 0x02d7, TryCatch #0 {Exception -> 0x02d7, blocks: (B:2:0x0000, B:5:0x0049, B:9:0x0058, B:10:0x0064, B:15:0x006a, B:21:0x00b9, B:25:0x014b, B:27:0x014f, B:28:0x0158, B:32:0x0165, B:35:0x016c, B:36:0x0174, B:37:0x0187, B:39:0x018b, B:42:0x0192, B:43:0x019e, B:44:0x019f, B:46:0x01a5, B:48:0x01ad, B:50:0x01b3, B:52:0x01b7, B:54:0x01bd, B:56:0x01c5, B:57:0x01c8, B:58:0x01d4, B:59:0x01d5, B:61:0x01d9, B:62:0x01dc, B:64:0x01e2, B:66:0x01e8, B:68:0x01f0, B:69:0x01f3, B:70:0x01ff, B:72:0x0202, B:74:0x0208, B:77:0x020e, B:78:0x021a, B:79:0x021b, B:81:0x0221, B:83:0x0229, B:84:0x022b, B:86:0x0233, B:88:0x023a, B:89:0x023d, B:90:0x0249, B:91:0x024a, B:93:0x0250, B:95:0x0258, B:96:0x025a, B:98:0x0265, B:99:0x0299, B:101:0x02a1, B:103:0x02a7, B:105:0x02af, B:108:0x02b6, B:109:0x02c2, B:112:0x0268, B:113:0x0274, B:114:0x0275, B:115:0x0281, B:118:0x0285, B:121:0x028c, B:122:0x0298, B:123:0x02c6, B:124:0x02d2, B:126:0x0177, B:129:0x017e, B:130:0x0186, B:131:0x00c1, B:133:0x00c5, B:135:0x0136, B:137:0x013a, B:141:0x0149, B:144:0x00cc, B:146:0x00d0, B:149:0x00de, B:150:0x00eb, B:152:0x00f4, B:154:0x0103, B:156:0x0107, B:159:0x0129, B:160:0x0130, B:161:0x0131, B:163:0x0076, B:165:0x0080, B:168:0x0094, B:171:0x00ac, B:172:0x00b8, B:174:0x00a7, B:178:0x0090), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:27:0x014f A[Catch: Exception -> 0x02d7, TryCatch #0 {Exception -> 0x02d7, blocks: (B:2:0x0000, B:5:0x0049, B:9:0x0058, B:10:0x0064, B:15:0x006a, B:21:0x00b9, B:25:0x014b, B:27:0x014f, B:28:0x0158, B:32:0x0165, B:35:0x016c, B:36:0x0174, B:37:0x0187, B:39:0x018b, B:42:0x0192, B:43:0x019e, B:44:0x019f, B:46:0x01a5, B:48:0x01ad, B:50:0x01b3, B:52:0x01b7, B:54:0x01bd, B:56:0x01c5, B:57:0x01c8, B:58:0x01d4, B:59:0x01d5, B:61:0x01d9, B:62:0x01dc, B:64:0x01e2, B:66:0x01e8, B:68:0x01f0, B:69:0x01f3, B:70:0x01ff, B:72:0x0202, B:74:0x0208, B:77:0x020e, B:78:0x021a, B:79:0x021b, B:81:0x0221, B:83:0x0229, B:84:0x022b, B:86:0x0233, B:88:0x023a, B:89:0x023d, B:90:0x0249, B:91:0x024a, B:93:0x0250, B:95:0x0258, B:96:0x025a, B:98:0x0265, B:99:0x0299, B:101:0x02a1, B:103:0x02a7, B:105:0x02af, B:108:0x02b6, B:109:0x02c2, B:112:0x0268, B:113:0x0274, B:114:0x0275, B:115:0x0281, B:118:0x0285, B:121:0x028c, B:122:0x0298, B:123:0x02c6, B:124:0x02d2, B:126:0x0177, B:129:0x017e, B:130:0x0186, B:131:0x00c1, B:133:0x00c5, B:135:0x0136, B:137:0x013a, B:141:0x0149, B:144:0x00cc, B:146:0x00d0, B:149:0x00de, B:150:0x00eb, B:152:0x00f4, B:154:0x0103, B:156:0x0107, B:159:0x0129, B:160:0x0130, B:161:0x0131, B:163:0x0076, B:165:0x0080, B:168:0x0094, B:171:0x00ac, B:172:0x00b8, B:174:0x00a7, B:178:0x0090), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0163  */
    /* JADX WARN: Removed duplicated region for block: B:46:0x01a5 A[Catch: Exception -> 0x02d7, TryCatch #0 {Exception -> 0x02d7, blocks: (B:2:0x0000, B:5:0x0049, B:9:0x0058, B:10:0x0064, B:15:0x006a, B:21:0x00b9, B:25:0x014b, B:27:0x014f, B:28:0x0158, B:32:0x0165, B:35:0x016c, B:36:0x0174, B:37:0x0187, B:39:0x018b, B:42:0x0192, B:43:0x019e, B:44:0x019f, B:46:0x01a5, B:48:0x01ad, B:50:0x01b3, B:52:0x01b7, B:54:0x01bd, B:56:0x01c5, B:57:0x01c8, B:58:0x01d4, B:59:0x01d5, B:61:0x01d9, B:62:0x01dc, B:64:0x01e2, B:66:0x01e8, B:68:0x01f0, B:69:0x01f3, B:70:0x01ff, B:72:0x0202, B:74:0x0208, B:77:0x020e, B:78:0x021a, B:79:0x021b, B:81:0x0221, B:83:0x0229, B:84:0x022b, B:86:0x0233, B:88:0x023a, B:89:0x023d, B:90:0x0249, B:91:0x024a, B:93:0x0250, B:95:0x0258, B:96:0x025a, B:98:0x0265, B:99:0x0299, B:101:0x02a1, B:103:0x02a7, B:105:0x02af, B:108:0x02b6, B:109:0x02c2, B:112:0x0268, B:113:0x0274, B:114:0x0275, B:115:0x0281, B:118:0x0285, B:121:0x028c, B:122:0x0298, B:123:0x02c6, B:124:0x02d2, B:126:0x0177, B:129:0x017e, B:130:0x0186, B:131:0x00c1, B:133:0x00c5, B:135:0x0136, B:137:0x013a, B:141:0x0149, B:144:0x00cc, B:146:0x00d0, B:149:0x00de, B:150:0x00eb, B:152:0x00f4, B:154:0x0103, B:156:0x0107, B:159:0x0129, B:160:0x0130, B:161:0x0131, B:163:0x0076, B:165:0x0080, B:168:0x0094, B:171:0x00ac, B:172:0x00b8, B:174:0x00a7, B:178:0x0090), top: B:1:0x0000 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifyCertificate2459(ksign.jce.provider.x509.X509CertificateObject r10, ksign.jce.provider.x509.X509CertificateObject r11, int r12, int r13) throws ksign.jce.provider.validate.ValidateException {
        /*
            Method dump skipped, instructions count: 766
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.validate.ValidateCert.verifyCertificate2459(ksign.jce.provider.x509.X509CertificateObject, ksign.jce.provider.x509.X509CertificateObject, int, int):boolean");
    }

    /* JADX WARN: Code restructure failed: missing block: B:117:0x0415, code lost:
    
        checkPermittedDN(r17.permittedSubtreesDN, r18.getSubjectDN().getName());
        checkExcludedDN(r17.excludedSubtreesDN, r18.getSubjectDN().getName());
     */
    /* JADX WARN: Code restructure failed: missing block: B:118:0x0433, code lost:
    
        if (r18.getSANSubjectAltName() == null) goto L217;
     */
    /* JADX WARN: Code restructure failed: missing block: B:120:0x0439, code lost:
    
        if (r18.getSubjectAlternativeNamerfc822Name() == null) goto L211;
     */
    /* JADX WARN: Code restructure failed: missing block: B:121:0x043b, code lost:
    
        checkPermittedrfc822Name(r17.permittedSubtreesrfc822Name, r18.getSubjectAlternativeNamerfc822Name());
        checkExcludedrfc822Name(r17.excludedSubtreesrfc822Name, r18.getSubjectAlternativeNamerfc822Name());
     */
    /* JADX WARN: Code restructure failed: missing block: B:123:0x0452, code lost:
    
        if (r18.getSubjectAlternativeNamedNSName() == null) goto L214;
     */
    /* JADX WARN: Code restructure failed: missing block: B:124:0x0454, code lost:
    
        checkPermitteddNSName(r17.permittedSubtreesDN, r18.getSubjectAlternativeNamedNSName());
        checkExcludeddNSName(r17.excludedSubtreesDN, r18.getSubjectAlternativeNamedNSName());
     */
    /* JADX WARN: Code restructure failed: missing block: B:126:0x046b, code lost:
    
        if (r18.getSubjectAlternativeNameDN() == null) goto L217;
     */
    /* JADX WARN: Code restructure failed: missing block: B:127:0x046d, code lost:
    
        checkPermittedDN(r17.permittedSubtreesDN, r18.getSubjectAlternativeNameDN());
        checkExcludedDN(r17.excludedSubtreesDN, r18.getSubjectAlternativeNameDN());
     */
    /* JADX WARN: Code restructure failed: missing block: B:210:0x05ef, code lost:
    
        r0 = r17.explicitPolicy;
     */
    /* JADX WARN: Code restructure failed: missing block: B:211:0x05f1, code lost:
    
        if (r0 == 0) goto L311;
     */
    /* JADX WARN: Code restructure failed: missing block: B:212:0x05f3, code lost:
    
        r17.explicitPolicy = r0 - 1;
     */
    /* JADX WARN: Removed duplicated region for block: B:107:0x03ef A[Catch: Exception -> 0x060b, TryCatch #1 {Exception -> 0x060b, blocks: (B:3:0x0006, B:6:0x0032, B:9:0x0048, B:11:0x004e, B:14:0x0062, B:18:0x0071, B:19:0x007d, B:25:0x0085, B:27:0x008f, B:28:0x00b6, B:32:0x00be, B:35:0x00c8, B:37:0x0194, B:43:0x01a7, B:45:0x01aa, B:47:0x01b4, B:49:0x01db, B:51:0x01e1, B:54:0x01fc, B:55:0x0208, B:56:0x0209, B:58:0x0213, B:61:0x021b, B:63:0x0239, B:66:0x0244, B:67:0x024e, B:68:0x024f, B:71:0x0268, B:72:0x0272, B:73:0x0273, B:75:0x027b, B:78:0x0294, B:81:0x029a, B:82:0x02d1, B:86:0x02dd, B:88:0x02e7, B:90:0x02f5, B:91:0x031f, B:93:0x0337, B:94:0x0352, B:95:0x035a, B:96:0x035b, B:98:0x0361, B:100:0x0371, B:103:0x0384, B:104:0x038c, B:105:0x03eb, B:107:0x03ef, B:108:0x03f6, B:111:0x03ff, B:114:0x0406, B:115:0x0412, B:117:0x0415, B:119:0x0435, B:121:0x043b, B:122:0x044e, B:124:0x0454, B:125:0x0467, B:127:0x046d, B:130:0x0483, B:132:0x0489, B:135:0x0490, B:136:0x049c, B:137:0x049d, B:138:0x04a7, B:139:0x04a8, B:141:0x04ae, B:143:0x04b6, B:145:0x04c8, B:147:0x04cb, B:148:0x04d7, B:151:0x04d8, B:153:0x04e1, B:158:0x04ec, B:159:0x04f9, B:160:0x0506, B:161:0x0512, B:163:0x0518, B:168:0x0523, B:169:0x0530, B:170:0x053d, B:172:0x054b, B:174:0x054f, B:175:0x0552, B:177:0x0556, B:178:0x0559, B:180:0x055d, B:181:0x0560, B:183:0x0566, B:185:0x056e, B:187:0x0576, B:189:0x057a, B:190:0x057d, B:192:0x0583, B:194:0x058b, B:197:0x0595, B:200:0x059e, B:201:0x05a8, B:202:0x05a9, B:204:0x05b1, B:207:0x05b8, B:208:0x05c4, B:210:0x05ef, B:212:0x05f3, B:213:0x05f6, B:215:0x05fc, B:217:0x0604, B:221:0x05c8, B:223:0x05ce, B:226:0x05d5, B:227:0x05e1, B:228:0x05e2, B:229:0x05ec, B:231:0x038f, B:233:0x0399, B:235:0x039f, B:237:0x03af, B:240:0x03c2, B:241:0x03ca, B:242:0x03cb, B:243:0x03d5, B:255:0x02b5, B:259:0x02ba, B:249:0x02bf, B:257:0x02c4, B:251:0x02c9, B:253:0x02ce, B:260:0x0285, B:261:0x0291, B:263:0x03d6, B:264:0x03e2, B:265:0x01c9, B:39:0x0198, B:41:0x03e3, B:268:0x00e5, B:270:0x00ef, B:273:0x0101, B:276:0x0119, B:277:0x0125, B:279:0x0114, B:282:0x0126, B:284:0x012a, B:285:0x0131, B:287:0x0136, B:290:0x0141, B:291:0x014e, B:293:0x0157, B:295:0x0163, B:297:0x0167, B:300:0x0185, B:301:0x018c, B:303:0x018f, B:305:0x00fd, B:308:0x0092, B:310:0x009c, B:311:0x00a3, B:313:0x00ad, B:314:0x00b4, B:316:0x0056, B:317:0x0060, B:319:0x003b, B:320:0x0045, B:246:0x02a8), top: B:2:0x0006, inners: #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:130:0x0483 A[Catch: Exception -> 0x060b, TRY_ENTER, TryCatch #1 {Exception -> 0x060b, blocks: (B:3:0x0006, B:6:0x0032, B:9:0x0048, B:11:0x004e, B:14:0x0062, B:18:0x0071, B:19:0x007d, B:25:0x0085, B:27:0x008f, B:28:0x00b6, B:32:0x00be, B:35:0x00c8, B:37:0x0194, B:43:0x01a7, B:45:0x01aa, B:47:0x01b4, B:49:0x01db, B:51:0x01e1, B:54:0x01fc, B:55:0x0208, B:56:0x0209, B:58:0x0213, B:61:0x021b, B:63:0x0239, B:66:0x0244, B:67:0x024e, B:68:0x024f, B:71:0x0268, B:72:0x0272, B:73:0x0273, B:75:0x027b, B:78:0x0294, B:81:0x029a, B:82:0x02d1, B:86:0x02dd, B:88:0x02e7, B:90:0x02f5, B:91:0x031f, B:93:0x0337, B:94:0x0352, B:95:0x035a, B:96:0x035b, B:98:0x0361, B:100:0x0371, B:103:0x0384, B:104:0x038c, B:105:0x03eb, B:107:0x03ef, B:108:0x03f6, B:111:0x03ff, B:114:0x0406, B:115:0x0412, B:117:0x0415, B:119:0x0435, B:121:0x043b, B:122:0x044e, B:124:0x0454, B:125:0x0467, B:127:0x046d, B:130:0x0483, B:132:0x0489, B:135:0x0490, B:136:0x049c, B:137:0x049d, B:138:0x04a7, B:139:0x04a8, B:141:0x04ae, B:143:0x04b6, B:145:0x04c8, B:147:0x04cb, B:148:0x04d7, B:151:0x04d8, B:153:0x04e1, B:158:0x04ec, B:159:0x04f9, B:160:0x0506, B:161:0x0512, B:163:0x0518, B:168:0x0523, B:169:0x0530, B:170:0x053d, B:172:0x054b, B:174:0x054f, B:175:0x0552, B:177:0x0556, B:178:0x0559, B:180:0x055d, B:181:0x0560, B:183:0x0566, B:185:0x056e, B:187:0x0576, B:189:0x057a, B:190:0x057d, B:192:0x0583, B:194:0x058b, B:197:0x0595, B:200:0x059e, B:201:0x05a8, B:202:0x05a9, B:204:0x05b1, B:207:0x05b8, B:208:0x05c4, B:210:0x05ef, B:212:0x05f3, B:213:0x05f6, B:215:0x05fc, B:217:0x0604, B:221:0x05c8, B:223:0x05ce, B:226:0x05d5, B:227:0x05e1, B:228:0x05e2, B:229:0x05ec, B:231:0x038f, B:233:0x0399, B:235:0x039f, B:237:0x03af, B:240:0x03c2, B:241:0x03ca, B:242:0x03cb, B:243:0x03d5, B:255:0x02b5, B:259:0x02ba, B:249:0x02bf, B:257:0x02c4, B:251:0x02c9, B:253:0x02ce, B:260:0x0285, B:261:0x0291, B:263:0x03d6, B:264:0x03e2, B:265:0x01c9, B:39:0x0198, B:41:0x03e3, B:268:0x00e5, B:270:0x00ef, B:273:0x0101, B:276:0x0119, B:277:0x0125, B:279:0x0114, B:282:0x0126, B:284:0x012a, B:285:0x0131, B:287:0x0136, B:290:0x0141, B:291:0x014e, B:293:0x0157, B:295:0x0163, B:297:0x0167, B:300:0x0185, B:301:0x018c, B:303:0x018f, B:305:0x00fd, B:308:0x0092, B:310:0x009c, B:311:0x00a3, B:313:0x00ad, B:314:0x00b4, B:316:0x0056, B:317:0x0060, B:319:0x003b, B:320:0x0045, B:246:0x02a8), top: B:2:0x0006, inners: #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:141:0x04ae A[Catch: Exception -> 0x060b, LOOP:1: B:141:0x04ae->B:145:0x04c8, LOOP_START, PHI: r5
      0x04ae: PHI (r5v33 int) = (r5v2 int), (r5v34 int) binds: [B:140:0x04ac, B:145:0x04c8] A[DONT_GENERATE, DONT_INLINE], TryCatch #1 {Exception -> 0x060b, blocks: (B:3:0x0006, B:6:0x0032, B:9:0x0048, B:11:0x004e, B:14:0x0062, B:18:0x0071, B:19:0x007d, B:25:0x0085, B:27:0x008f, B:28:0x00b6, B:32:0x00be, B:35:0x00c8, B:37:0x0194, B:43:0x01a7, B:45:0x01aa, B:47:0x01b4, B:49:0x01db, B:51:0x01e1, B:54:0x01fc, B:55:0x0208, B:56:0x0209, B:58:0x0213, B:61:0x021b, B:63:0x0239, B:66:0x0244, B:67:0x024e, B:68:0x024f, B:71:0x0268, B:72:0x0272, B:73:0x0273, B:75:0x027b, B:78:0x0294, B:81:0x029a, B:82:0x02d1, B:86:0x02dd, B:88:0x02e7, B:90:0x02f5, B:91:0x031f, B:93:0x0337, B:94:0x0352, B:95:0x035a, B:96:0x035b, B:98:0x0361, B:100:0x0371, B:103:0x0384, B:104:0x038c, B:105:0x03eb, B:107:0x03ef, B:108:0x03f6, B:111:0x03ff, B:114:0x0406, B:115:0x0412, B:117:0x0415, B:119:0x0435, B:121:0x043b, B:122:0x044e, B:124:0x0454, B:125:0x0467, B:127:0x046d, B:130:0x0483, B:132:0x0489, B:135:0x0490, B:136:0x049c, B:137:0x049d, B:138:0x04a7, B:139:0x04a8, B:141:0x04ae, B:143:0x04b6, B:145:0x04c8, B:147:0x04cb, B:148:0x04d7, B:151:0x04d8, B:153:0x04e1, B:158:0x04ec, B:159:0x04f9, B:160:0x0506, B:161:0x0512, B:163:0x0518, B:168:0x0523, B:169:0x0530, B:170:0x053d, B:172:0x054b, B:174:0x054f, B:175:0x0552, B:177:0x0556, B:178:0x0559, B:180:0x055d, B:181:0x0560, B:183:0x0566, B:185:0x056e, B:187:0x0576, B:189:0x057a, B:190:0x057d, B:192:0x0583, B:194:0x058b, B:197:0x0595, B:200:0x059e, B:201:0x05a8, B:202:0x05a9, B:204:0x05b1, B:207:0x05b8, B:208:0x05c4, B:210:0x05ef, B:212:0x05f3, B:213:0x05f6, B:215:0x05fc, B:217:0x0604, B:221:0x05c8, B:223:0x05ce, B:226:0x05d5, B:227:0x05e1, B:228:0x05e2, B:229:0x05ec, B:231:0x038f, B:233:0x0399, B:235:0x039f, B:237:0x03af, B:240:0x03c2, B:241:0x03ca, B:242:0x03cb, B:243:0x03d5, B:255:0x02b5, B:259:0x02ba, B:249:0x02bf, B:257:0x02c4, B:251:0x02c9, B:253:0x02ce, B:260:0x0285, B:261:0x0291, B:263:0x03d6, B:264:0x03e2, B:265:0x01c9, B:39:0x0198, B:41:0x03e3, B:268:0x00e5, B:270:0x00ef, B:273:0x0101, B:276:0x0119, B:277:0x0125, B:279:0x0114, B:282:0x0126, B:284:0x012a, B:285:0x0131, B:287:0x0136, B:290:0x0141, B:291:0x014e, B:293:0x0157, B:295:0x0163, B:297:0x0167, B:300:0x0185, B:301:0x018c, B:303:0x018f, B:305:0x00fd, B:308:0x0092, B:310:0x009c, B:311:0x00a3, B:313:0x00ad, B:314:0x00b4, B:316:0x0056, B:317:0x0060, B:319:0x003b, B:320:0x0045, B:246:0x02a8), top: B:2:0x0006, inners: #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:153:0x04e1 A[Catch: Exception -> 0x060b, TryCatch #1 {Exception -> 0x060b, blocks: (B:3:0x0006, B:6:0x0032, B:9:0x0048, B:11:0x004e, B:14:0x0062, B:18:0x0071, B:19:0x007d, B:25:0x0085, B:27:0x008f, B:28:0x00b6, B:32:0x00be, B:35:0x00c8, B:37:0x0194, B:43:0x01a7, B:45:0x01aa, B:47:0x01b4, B:49:0x01db, B:51:0x01e1, B:54:0x01fc, B:55:0x0208, B:56:0x0209, B:58:0x0213, B:61:0x021b, B:63:0x0239, B:66:0x0244, B:67:0x024e, B:68:0x024f, B:71:0x0268, B:72:0x0272, B:73:0x0273, B:75:0x027b, B:78:0x0294, B:81:0x029a, B:82:0x02d1, B:86:0x02dd, B:88:0x02e7, B:90:0x02f5, B:91:0x031f, B:93:0x0337, B:94:0x0352, B:95:0x035a, B:96:0x035b, B:98:0x0361, B:100:0x0371, B:103:0x0384, B:104:0x038c, B:105:0x03eb, B:107:0x03ef, B:108:0x03f6, B:111:0x03ff, B:114:0x0406, B:115:0x0412, B:117:0x0415, B:119:0x0435, B:121:0x043b, B:122:0x044e, B:124:0x0454, B:125:0x0467, B:127:0x046d, B:130:0x0483, B:132:0x0489, B:135:0x0490, B:136:0x049c, B:137:0x049d, B:138:0x04a7, B:139:0x04a8, B:141:0x04ae, B:143:0x04b6, B:145:0x04c8, B:147:0x04cb, B:148:0x04d7, B:151:0x04d8, B:153:0x04e1, B:158:0x04ec, B:159:0x04f9, B:160:0x0506, B:161:0x0512, B:163:0x0518, B:168:0x0523, B:169:0x0530, B:170:0x053d, B:172:0x054b, B:174:0x054f, B:175:0x0552, B:177:0x0556, B:178:0x0559, B:180:0x055d, B:181:0x0560, B:183:0x0566, B:185:0x056e, B:187:0x0576, B:189:0x057a, B:190:0x057d, B:192:0x0583, B:194:0x058b, B:197:0x0595, B:200:0x059e, B:201:0x05a8, B:202:0x05a9, B:204:0x05b1, B:207:0x05b8, B:208:0x05c4, B:210:0x05ef, B:212:0x05f3, B:213:0x05f6, B:215:0x05fc, B:217:0x0604, B:221:0x05c8, B:223:0x05ce, B:226:0x05d5, B:227:0x05e1, B:228:0x05e2, B:229:0x05ec, B:231:0x038f, B:233:0x0399, B:235:0x039f, B:237:0x03af, B:240:0x03c2, B:241:0x03ca, B:242:0x03cb, B:243:0x03d5, B:255:0x02b5, B:259:0x02ba, B:249:0x02bf, B:257:0x02c4, B:251:0x02c9, B:253:0x02ce, B:260:0x0285, B:261:0x0291, B:263:0x03d6, B:264:0x03e2, B:265:0x01c9, B:39:0x0198, B:41:0x03e3, B:268:0x00e5, B:270:0x00ef, B:273:0x0101, B:276:0x0119, B:277:0x0125, B:279:0x0114, B:282:0x0126, B:284:0x012a, B:285:0x0131, B:287:0x0136, B:290:0x0141, B:291:0x014e, B:293:0x0157, B:295:0x0163, B:297:0x0167, B:300:0x0185, B:301:0x018c, B:303:0x018f, B:305:0x00fd, B:308:0x0092, B:310:0x009c, B:311:0x00a3, B:313:0x00ad, B:314:0x00b4, B:316:0x0056, B:317:0x0060, B:319:0x003b, B:320:0x0045, B:246:0x02a8), top: B:2:0x0006, inners: #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:163:0x0518 A[Catch: Exception -> 0x060b, TryCatch #1 {Exception -> 0x060b, blocks: (B:3:0x0006, B:6:0x0032, B:9:0x0048, B:11:0x004e, B:14:0x0062, B:18:0x0071, B:19:0x007d, B:25:0x0085, B:27:0x008f, B:28:0x00b6, B:32:0x00be, B:35:0x00c8, B:37:0x0194, B:43:0x01a7, B:45:0x01aa, B:47:0x01b4, B:49:0x01db, B:51:0x01e1, B:54:0x01fc, B:55:0x0208, B:56:0x0209, B:58:0x0213, B:61:0x021b, B:63:0x0239, B:66:0x0244, B:67:0x024e, B:68:0x024f, B:71:0x0268, B:72:0x0272, B:73:0x0273, B:75:0x027b, B:78:0x0294, B:81:0x029a, B:82:0x02d1, B:86:0x02dd, B:88:0x02e7, B:90:0x02f5, B:91:0x031f, B:93:0x0337, B:94:0x0352, B:95:0x035a, B:96:0x035b, B:98:0x0361, B:100:0x0371, B:103:0x0384, B:104:0x038c, B:105:0x03eb, B:107:0x03ef, B:108:0x03f6, B:111:0x03ff, B:114:0x0406, B:115:0x0412, B:117:0x0415, B:119:0x0435, B:121:0x043b, B:122:0x044e, B:124:0x0454, B:125:0x0467, B:127:0x046d, B:130:0x0483, B:132:0x0489, B:135:0x0490, B:136:0x049c, B:137:0x049d, B:138:0x04a7, B:139:0x04a8, B:141:0x04ae, B:143:0x04b6, B:145:0x04c8, B:147:0x04cb, B:148:0x04d7, B:151:0x04d8, B:153:0x04e1, B:158:0x04ec, B:159:0x04f9, B:160:0x0506, B:161:0x0512, B:163:0x0518, B:168:0x0523, B:169:0x0530, B:170:0x053d, B:172:0x054b, B:174:0x054f, B:175:0x0552, B:177:0x0556, B:178:0x0559, B:180:0x055d, B:181:0x0560, B:183:0x0566, B:185:0x056e, B:187:0x0576, B:189:0x057a, B:190:0x057d, B:192:0x0583, B:194:0x058b, B:197:0x0595, B:200:0x059e, B:201:0x05a8, B:202:0x05a9, B:204:0x05b1, B:207:0x05b8, B:208:0x05c4, B:210:0x05ef, B:212:0x05f3, B:213:0x05f6, B:215:0x05fc, B:217:0x0604, B:221:0x05c8, B:223:0x05ce, B:226:0x05d5, B:227:0x05e1, B:228:0x05e2, B:229:0x05ec, B:231:0x038f, B:233:0x0399, B:235:0x039f, B:237:0x03af, B:240:0x03c2, B:241:0x03ca, B:242:0x03cb, B:243:0x03d5, B:255:0x02b5, B:259:0x02ba, B:249:0x02bf, B:257:0x02c4, B:251:0x02c9, B:253:0x02ce, B:260:0x0285, B:261:0x0291, B:263:0x03d6, B:264:0x03e2, B:265:0x01c9, B:39:0x0198, B:41:0x03e3, B:268:0x00e5, B:270:0x00ef, B:273:0x0101, B:276:0x0119, B:277:0x0125, B:279:0x0114, B:282:0x0126, B:284:0x012a, B:285:0x0131, B:287:0x0136, B:290:0x0141, B:291:0x014e, B:293:0x0157, B:295:0x0163, B:297:0x0167, B:300:0x0185, B:301:0x018c, B:303:0x018f, B:305:0x00fd, B:308:0x0092, B:310:0x009c, B:311:0x00a3, B:313:0x00ad, B:314:0x00b4, B:316:0x0056, B:317:0x0060, B:319:0x003b, B:320:0x0045, B:246:0x02a8), top: B:2:0x0006, inners: #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:172:0x054b A[Catch: Exception -> 0x060b, TryCatch #1 {Exception -> 0x060b, blocks: (B:3:0x0006, B:6:0x0032, B:9:0x0048, B:11:0x004e, B:14:0x0062, B:18:0x0071, B:19:0x007d, B:25:0x0085, B:27:0x008f, B:28:0x00b6, B:32:0x00be, B:35:0x00c8, B:37:0x0194, B:43:0x01a7, B:45:0x01aa, B:47:0x01b4, B:49:0x01db, B:51:0x01e1, B:54:0x01fc, B:55:0x0208, B:56:0x0209, B:58:0x0213, B:61:0x021b, B:63:0x0239, B:66:0x0244, B:67:0x024e, B:68:0x024f, B:71:0x0268, B:72:0x0272, B:73:0x0273, B:75:0x027b, B:78:0x0294, B:81:0x029a, B:82:0x02d1, B:86:0x02dd, B:88:0x02e7, B:90:0x02f5, B:91:0x031f, B:93:0x0337, B:94:0x0352, B:95:0x035a, B:96:0x035b, B:98:0x0361, B:100:0x0371, B:103:0x0384, B:104:0x038c, B:105:0x03eb, B:107:0x03ef, B:108:0x03f6, B:111:0x03ff, B:114:0x0406, B:115:0x0412, B:117:0x0415, B:119:0x0435, B:121:0x043b, B:122:0x044e, B:124:0x0454, B:125:0x0467, B:127:0x046d, B:130:0x0483, B:132:0x0489, B:135:0x0490, B:136:0x049c, B:137:0x049d, B:138:0x04a7, B:139:0x04a8, B:141:0x04ae, B:143:0x04b6, B:145:0x04c8, B:147:0x04cb, B:148:0x04d7, B:151:0x04d8, B:153:0x04e1, B:158:0x04ec, B:159:0x04f9, B:160:0x0506, B:161:0x0512, B:163:0x0518, B:168:0x0523, B:169:0x0530, B:170:0x053d, B:172:0x054b, B:174:0x054f, B:175:0x0552, B:177:0x0556, B:178:0x0559, B:180:0x055d, B:181:0x0560, B:183:0x0566, B:185:0x056e, B:187:0x0576, B:189:0x057a, B:190:0x057d, B:192:0x0583, B:194:0x058b, B:197:0x0595, B:200:0x059e, B:201:0x05a8, B:202:0x05a9, B:204:0x05b1, B:207:0x05b8, B:208:0x05c4, B:210:0x05ef, B:212:0x05f3, B:213:0x05f6, B:215:0x05fc, B:217:0x0604, B:221:0x05c8, B:223:0x05ce, B:226:0x05d5, B:227:0x05e1, B:228:0x05e2, B:229:0x05ec, B:231:0x038f, B:233:0x0399, B:235:0x039f, B:237:0x03af, B:240:0x03c2, B:241:0x03ca, B:242:0x03cb, B:243:0x03d5, B:255:0x02b5, B:259:0x02ba, B:249:0x02bf, B:257:0x02c4, B:251:0x02c9, B:253:0x02ce, B:260:0x0285, B:261:0x0291, B:263:0x03d6, B:264:0x03e2, B:265:0x01c9, B:39:0x0198, B:41:0x03e3, B:268:0x00e5, B:270:0x00ef, B:273:0x0101, B:276:0x0119, B:277:0x0125, B:279:0x0114, B:282:0x0126, B:284:0x012a, B:285:0x0131, B:287:0x0136, B:290:0x0141, B:291:0x014e, B:293:0x0157, B:295:0x0163, B:297:0x0167, B:300:0x0185, B:301:0x018c, B:303:0x018f, B:305:0x00fd, B:308:0x0092, B:310:0x009c, B:311:0x00a3, B:313:0x00ad, B:314:0x00b4, B:316:0x0056, B:317:0x0060, B:319:0x003b, B:320:0x0045, B:246:0x02a8), top: B:2:0x0006, inners: #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:187:0x0576 A[Catch: Exception -> 0x060b, TryCatch #1 {Exception -> 0x060b, blocks: (B:3:0x0006, B:6:0x0032, B:9:0x0048, B:11:0x004e, B:14:0x0062, B:18:0x0071, B:19:0x007d, B:25:0x0085, B:27:0x008f, B:28:0x00b6, B:32:0x00be, B:35:0x00c8, B:37:0x0194, B:43:0x01a7, B:45:0x01aa, B:47:0x01b4, B:49:0x01db, B:51:0x01e1, B:54:0x01fc, B:55:0x0208, B:56:0x0209, B:58:0x0213, B:61:0x021b, B:63:0x0239, B:66:0x0244, B:67:0x024e, B:68:0x024f, B:71:0x0268, B:72:0x0272, B:73:0x0273, B:75:0x027b, B:78:0x0294, B:81:0x029a, B:82:0x02d1, B:86:0x02dd, B:88:0x02e7, B:90:0x02f5, B:91:0x031f, B:93:0x0337, B:94:0x0352, B:95:0x035a, B:96:0x035b, B:98:0x0361, B:100:0x0371, B:103:0x0384, B:104:0x038c, B:105:0x03eb, B:107:0x03ef, B:108:0x03f6, B:111:0x03ff, B:114:0x0406, B:115:0x0412, B:117:0x0415, B:119:0x0435, B:121:0x043b, B:122:0x044e, B:124:0x0454, B:125:0x0467, B:127:0x046d, B:130:0x0483, B:132:0x0489, B:135:0x0490, B:136:0x049c, B:137:0x049d, B:138:0x04a7, B:139:0x04a8, B:141:0x04ae, B:143:0x04b6, B:145:0x04c8, B:147:0x04cb, B:148:0x04d7, B:151:0x04d8, B:153:0x04e1, B:158:0x04ec, B:159:0x04f9, B:160:0x0506, B:161:0x0512, B:163:0x0518, B:168:0x0523, B:169:0x0530, B:170:0x053d, B:172:0x054b, B:174:0x054f, B:175:0x0552, B:177:0x0556, B:178:0x0559, B:180:0x055d, B:181:0x0560, B:183:0x0566, B:185:0x056e, B:187:0x0576, B:189:0x057a, B:190:0x057d, B:192:0x0583, B:194:0x058b, B:197:0x0595, B:200:0x059e, B:201:0x05a8, B:202:0x05a9, B:204:0x05b1, B:207:0x05b8, B:208:0x05c4, B:210:0x05ef, B:212:0x05f3, B:213:0x05f6, B:215:0x05fc, B:217:0x0604, B:221:0x05c8, B:223:0x05ce, B:226:0x05d5, B:227:0x05e1, B:228:0x05e2, B:229:0x05ec, B:231:0x038f, B:233:0x0399, B:235:0x039f, B:237:0x03af, B:240:0x03c2, B:241:0x03ca, B:242:0x03cb, B:243:0x03d5, B:255:0x02b5, B:259:0x02ba, B:249:0x02bf, B:257:0x02c4, B:251:0x02c9, B:253:0x02ce, B:260:0x0285, B:261:0x0291, B:263:0x03d6, B:264:0x03e2, B:265:0x01c9, B:39:0x0198, B:41:0x03e3, B:268:0x00e5, B:270:0x00ef, B:273:0x0101, B:276:0x0119, B:277:0x0125, B:279:0x0114, B:282:0x0126, B:284:0x012a, B:285:0x0131, B:287:0x0136, B:290:0x0141, B:291:0x014e, B:293:0x0157, B:295:0x0163, B:297:0x0167, B:300:0x0185, B:301:0x018c, B:303:0x018f, B:305:0x00fd, B:308:0x0092, B:310:0x009c, B:311:0x00a3, B:313:0x00ad, B:314:0x00b4, B:316:0x0056, B:317:0x0060, B:319:0x003b, B:320:0x0045, B:246:0x02a8), top: B:2:0x0006, inners: #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:196:0x0593  */
    /* JADX WARN: Removed duplicated region for block: B:219:0x05c5  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifyCertificate3280(ksign.jce.provider.x509.X509CertificateObject r18, ksign.jce.provider.x509.X509CertificateObject r19, int r20, int r21) throws ksign.jce.provider.validate.ValidateException {
        /*
            Method dump skipped, instructions count: 1586
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.validate.ValidateCert.verifyCertificate3280(ksign.jce.provider.x509.X509CertificateObject, ksign.jce.provider.x509.X509CertificateObject, int, int):boolean");
    }

    private boolean withinDNSubtree(String str, Vector vector) {
        boolean isEmpty = vector.isEmpty();
        for (int size = vector.size() - 1; size >= 0; size--) {
            if (vector.elementAt(size).equals(str)) {
                isEmpty = true;
            }
        }
        return isEmpty;
    }

    /* JADX WARN: Code restructure failed: missing block: B:31:0x0043, code lost:
    
        if (r5.baseDir == null) goto L9;
     */
    /* JADX WARN: Removed duplicated region for block: B:12:0x0055  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0054  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean GetCRLFROMLDAP(java.lang.String r6) throws ksign.jce.provider.validate.ValidateException {
        /*
            r5 = this;
            java.lang.String r0 = "<<KSign>> verifyCertificate Start"
            com.ksign.KCaseLogging.println(r0)
            r0 = 2
            java.lang.String[] r0 = new java.lang.String[r0]     // Catch: java.lang.Exception -> L9a
            java.lang.String r1 = "ldap://ldap.epki.go.kr:389"
            r2 = 0
            r0[r2] = r1     // Catch: java.lang.Exception -> L9a
            r1 = 1
            r0[r1] = r6     // Catch: java.lang.Exception -> L9a
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L9a
            java.lang.String r3 = "<<KSign>> CRL DP's information url: "
            r6.<init>(r3)     // Catch: java.lang.Exception -> L9a
            r3 = r0[r2]     // Catch: java.lang.Exception -> L9a
            r6.append(r3)     // Catch: java.lang.Exception -> L9a
            java.lang.String r6 = r6.toString()     // Catch: java.lang.Exception -> L9a
            com.ksign.KCaseLogging.println(r6)     // Catch: java.lang.Exception -> L9a
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L9a
            java.lang.String r3 = "<<KSign>> CRL DP's information crl dn: "
            r6.<init>(r3)     // Catch: java.lang.Exception -> L9a
            r3 = r0[r1]     // Catch: java.lang.Exception -> L9a
            r6.append(r3)     // Catch: java.lang.Exception -> L9a
            java.lang.String r6 = r6.toString()     // Catch: java.lang.Exception -> L9a
            com.ksign.KCaseLogging.println(r6)     // Catch: java.lang.Exception -> L9a
            r6 = r0[r2]     // Catch: java.lang.Exception -> L9a
            javax.naming.directory.DirContext r6 = r5.findDirContext(r6)     // Catch: java.lang.Exception -> L9a
            if (r6 != 0) goto L3f
            goto L45
        L3f:
            if (r6 != 0) goto L52
            java.lang.String r3 = r5.baseDir     // Catch: java.lang.Exception -> L9a
            if (r3 != 0) goto L52
        L45:
            r6 = r0[r2]     // Catch: java.lang.Exception -> L9a
            java.lang.String r3 = r5.userLdapDN     // Catch: java.lang.Exception -> L9a
            java.lang.String r4 = r5.password     // Catch: java.lang.Exception -> L9a
            javax.naming.directory.DirContext r6 = ksign.jce.crypto.ldap.LDAPUtil.createLDAP(r6, r3, r4)     // Catch: java.lang.Exception -> L9a
            r5.addDirContext(r6)     // Catch: java.lang.Exception -> L9a
        L52:
            if (r6 != 0) goto L55
            goto L5c
        L55:
            if (r6 != 0) goto L69
            java.lang.String r3 = r5.baseDir     // Catch: java.lang.Exception -> L9a
            if (r3 == 0) goto L5c
            goto L69
        L5c:
            java.lang.String r6 = "50031"
            ksign.jce.util.JCEUtil.setErrorcode(r6)     // Catch: java.lang.Exception -> L9a
            javax.naming.NamingException r6 = new javax.naming.NamingException     // Catch: java.lang.Exception -> L9a
            java.lang.String r0 = "(KSign) verifyCertificate's No directory server information."
            r6.<init>(r0)     // Catch: java.lang.Exception -> L9a
            throw r6     // Catch: java.lang.Exception -> L9a
        L69:
            if (r6 != 0) goto L78
            r6 = r0[r2]     // Catch: java.lang.Exception -> L9a
            java.lang.String r3 = r5.userLdapDN     // Catch: java.lang.Exception -> L9a
            java.lang.String r4 = r5.password     // Catch: java.lang.Exception -> L9a
            javax.naming.directory.DirContext r6 = ksign.jce.crypto.ldap.LDAPUtil.createLDAP(r6, r3, r4)     // Catch: java.lang.Exception -> L9a
            r5.addDirContext(r6)     // Catch: java.lang.Exception -> L9a
        L78:
            r0 = r0[r1]     // Catch: java.lang.Exception -> L9a
            java.security.cert.X509CRL[] r6 = ksign.jce.crypto.ldap.LDAPUtil.findCRLFromLDAP(r6, r0, r2)     // Catch: java.lang.Exception -> L9a
        L7e:
            int r0 = r6.length     // Catch: java.lang.Exception -> L9a
            if (r2 < r0) goto L82
            goto L91
        L82:
            r0 = r6[r2]     // Catch: java.lang.Exception -> L9a
            ksign.jce.provider.x509.X509CRLObject r0 = (ksign.jce.provider.x509.X509CRLObject) r0     // Catch: java.lang.Exception -> L9a
            java.util.Date r3 = new java.util.Date     // Catch: java.lang.Exception -> L9a
            r3.<init>()     // Catch: java.lang.Exception -> L9a
            boolean r0 = r0.checkValidity(r3)     // Catch: java.lang.Exception -> L9a
            if (r0 == 0) goto L97
        L91:
            java.lang.String r6 = "<<KSign>> CRL �뜝�떆怨ㅼ삕 �뜝�룞�삕�슚�뜝�룞�삕 OK"
            com.ksign.KCaseLogging.println(r6)     // Catch: java.lang.Exception -> L9a
            return r1
        L97:
            int r2 = r2 + 1
            goto L7e
        L9a:
            r6 = move-exception
            com.ksign.KCaseLogging.print(r6)
            int r0 = ksign.jce.util.JCEUtil.getErrorcode()
            if (r0 != 0) goto La9
            java.lang.String r0 = "300032"
            ksign.jce.util.JCEUtil.setErrorcode(r0)
        La9:
            ksign.jce.provider.validate.ValidateException r0 = new ksign.jce.provider.validate.ValidateException
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            java.lang.String r2 = "(KSign) ValidateCert : verifyCertificate's process Error    "
            r1.<init>(r2)
            java.lang.String r6 = r6.toString()
            r1.append(r6)
            java.lang.String r6 = r1.toString()
            r0.<init>(r6)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.validate.ValidateCert.GetCRLFROMLDAP(java.lang.String):boolean");
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x0041, code lost:
    
        if (r4.userLdapDN == null) goto L9;
     */
    /* JADX WARN: Removed duplicated region for block: B:12:0x0053  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0052  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] IsLocalSaveAndGetLDAP(java.lang.String r5, java.lang.String r6) throws ksign.jce.provider.validate.ValidateException {
        /*
            r4 = this;
            java.lang.String r0 = "<<KSign>> verifyCertificate Start"
            com.ksign.KCaseLogging.println(r0)
            r0 = 2
            java.lang.String[] r0 = new java.lang.String[r0]     // Catch: java.lang.Exception -> Lae
            r1 = 0
            r0[r1] = r5     // Catch: java.lang.Exception -> Lae
            r5 = 1
            r0[r5] = r6     // Catch: java.lang.Exception -> Lae
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> Lae
            java.lang.String r2 = "<<KSign>> CRL DP's information url: "
            r6.<init>(r2)     // Catch: java.lang.Exception -> Lae
            r2 = r0[r1]     // Catch: java.lang.Exception -> Lae
            r6.append(r2)     // Catch: java.lang.Exception -> Lae
            java.lang.String r6 = r6.toString()     // Catch: java.lang.Exception -> Lae
            com.ksign.KCaseLogging.println(r6)     // Catch: java.lang.Exception -> Lae
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> Lae
            java.lang.String r2 = "<<KSign>> CRL DP's information crl dn: "
            r6.<init>(r2)     // Catch: java.lang.Exception -> Lae
            r2 = r0[r5]     // Catch: java.lang.Exception -> Lae
            r6.append(r2)     // Catch: java.lang.Exception -> Lae
            java.lang.String r6 = r6.toString()     // Catch: java.lang.Exception -> Lae
            com.ksign.KCaseLogging.println(r6)     // Catch: java.lang.Exception -> Lae
            r6 = r0[r1]     // Catch: java.lang.Exception -> Lae
            javax.naming.directory.DirContext r6 = r4.findDirContext(r6)     // Catch: java.lang.Exception -> Lae
            if (r6 != 0) goto L3d
            goto L43
        L3d:
            if (r6 != 0) goto L50
            java.lang.String r2 = r4.userLdapDN     // Catch: java.lang.Exception -> Lae
            if (r2 != 0) goto L50
        L43:
            r6 = r0[r1]     // Catch: java.lang.Exception -> Lae
            java.lang.String r2 = r4.userLdapDN     // Catch: java.lang.Exception -> Lae
            java.lang.String r3 = r4.password     // Catch: java.lang.Exception -> Lae
            javax.naming.directory.DirContext r6 = ksign.jce.crypto.ldap.LDAPUtil.createLDAP(r6, r2, r3)     // Catch: java.lang.Exception -> Lae
            r4.addDirContext(r6)     // Catch: java.lang.Exception -> Lae
        L50:
            if (r6 != 0) goto L53
            goto L5a
        L53:
            if (r6 != 0) goto L67
            java.lang.String r2 = r4.baseDir     // Catch: java.lang.Exception -> Lae
            if (r2 == 0) goto L5a
            goto L67
        L5a:
            java.lang.String r5 = "50031"
            ksign.jce.util.JCEUtil.setErrorcode(r5)     // Catch: java.lang.Exception -> Lae
            javax.naming.NamingException r5 = new javax.naming.NamingException     // Catch: java.lang.Exception -> Lae
            java.lang.String r6 = "(KSign) verifyCertificate's No directory server information."
            r5.<init>(r6)     // Catch: java.lang.Exception -> Lae
            throw r5     // Catch: java.lang.Exception -> Lae
        L67:
            if (r6 != 0) goto L76
            r6 = r0[r1]     // Catch: java.lang.Exception -> Lae
            java.lang.String r2 = r4.userLdapDN     // Catch: java.lang.Exception -> Lae
            java.lang.String r3 = r4.password     // Catch: java.lang.Exception -> Lae
            javax.naming.directory.DirContext r6 = ksign.jce.crypto.ldap.LDAPUtil.createLDAP(r6, r2, r3)     // Catch: java.lang.Exception -> Lae
            r4.addDirContext(r6)     // Catch: java.lang.Exception -> Lae
        L76:
            r5 = r0[r5]     // Catch: java.lang.Exception -> Lae
            java.security.cert.X509CRL[] r5 = ksign.jce.crypto.ldap.LDAPUtil.findCRLFromLDAP(r6, r5, r1)     // Catch: java.lang.Exception -> Lae
            int r6 = r5.length     // Catch: java.lang.Exception -> Lae
            if (r6 <= 0) goto L8b
            r6 = r5[r1]     // Catch: java.lang.Exception -> Lae
            ksign.jce.provider.x509.X509CRLObject r6 = (ksign.jce.provider.x509.X509CRLObject) r6     // Catch: java.lang.Exception -> Lae
            java.util.Date r0 = new java.util.Date     // Catch: java.lang.Exception -> Lae
            r0.<init>()     // Catch: java.lang.Exception -> Lae
            r6.checkValidity(r0)     // Catch: java.lang.Exception -> Lae
        L8b:
            int r6 = r5.length     // Catch: java.lang.Exception -> Lae
            if (r1 < r6) goto L90
            r5 = 0
            goto La1
        L90:
            r6 = r5[r1]     // Catch: java.lang.Exception -> Lae
            ksign.jce.provider.x509.X509CRLObject r6 = (ksign.jce.provider.x509.X509CRLObject) r6     // Catch: java.lang.Exception -> Lae
            java.util.Date r0 = new java.util.Date     // Catch: java.lang.Exception -> Lae
            r0.<init>()     // Catch: java.lang.Exception -> Lae
            boolean r6 = r6.checkValidity(r0)     // Catch: java.lang.Exception -> Lae
            if (r6 == 0) goto Lab
            r5 = r5[r1]     // Catch: java.lang.Exception -> Lae
        La1:
            byte[] r5 = r5.getEncoded()     // Catch: java.lang.Exception -> Lae
            java.lang.String r6 = "<<KSign>> CRL �뜝�떆怨ㅼ삕 �뜝�룞�삕�슚�뜝�룞�삕 OK"
            com.ksign.KCaseLogging.println(r6)     // Catch: java.lang.Exception -> Lae
            return r5
        Lab:
            int r1 = r1 + 1
            goto L8b
        Lae:
            r5 = move-exception
            com.ksign.KCaseLogging.print(r5)
            int r6 = ksign.jce.util.JCEUtil.getErrorcode()
            if (r6 != 0) goto Lbd
            java.lang.String r6 = "300032"
            ksign.jce.util.JCEUtil.setErrorcode(r6)
        Lbd:
            ksign.jce.provider.validate.ValidateException r6 = new ksign.jce.provider.validate.ValidateException
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            java.lang.String r1 = "(KSign) ValidateCert : verifyCertificate's process Error    "
            r0.<init>(r1)
            java.lang.String r5 = r5.toString()
            r0.append(r5)
            java.lang.String r5 = r0.toString()
            r6.<init>(r5)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.validate.ValidateCert.IsLocalSaveAndGetLDAP(java.lang.String, java.lang.String):byte[]");
    }

    public void addDirContext(DirContext dirContext) {
        int i = 0;
        while (i < 10 && this.m_dircontexts[i] != null) {
            i++;
        }
        if (i < 10) {
            this.m_dircontexts[i] = dirContext;
        }
    }

    protected boolean adjustNamingConstraint(X509CertificateObject x509CertificateObject) {
        return true;
    }

    protected void adjustPSwithPM(X509CertificateObject x509CertificateObject) {
        String[] policyMappings = x509CertificateObject.getPolicyMappings();
        if (policyMappings == null) {
            return;
        }
        for (int i = 0; i < policyMappings.length; i += 2) {
            String str = policyMappings[i];
            String str2 = policyMappings[i + 1];
            if (this.m_initialPolicySet.contains(str)) {
                this.m_initialPolicySet.addElement(str2);
            }
        }
        for (int i2 = 0; i2 < policyMappings.length; i2 += 2) {
            String str3 = policyMappings[i2];
            String str4 = policyMappings[i2 + 1];
            if (this.m_acceptablePolicySet.contains(str3)) {
                this.m_acceptablePolicySet.addElement(str4);
            }
        }
    }

    protected boolean assureCertPoliciesInInitialPolicySet(X509CertificateObject x509CertificateObject) {
        String[] policy = x509CertificateObject.getPolicy();
        if (policy == null) {
            return false;
        }
        return assureCertPoliciesInPolicySet(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any);
    }

    protected boolean assureCertPoliciesInPolicySet(String[] strArr, boolean z, Vector vector, boolean z2) {
        if (z || z2) {
            return true;
        }
        if (strArr == null || vector == null) {
            return false;
        }
        for (int i = 0; i < strArr.length; i++) {
            for (int i2 = 0; i2 < vector.size(); i2++) {
                KCaseLogging.println("cert : " + strArr[i]);
                KCaseLogging.println("init : " + ((String) vector.get(i2)));
                if (strArr[i].equals((String) vector.get(i2))) {
                    return true;
                }
            }
        }
        return false;
    }

    protected boolean checkBasicConstraints(X509CertificateObject x509CertificateObject) {
        int basicConstraints = x509CertificateObject.getBasicConstraints();
        if (basicConstraints < 0) {
            return false;
        }
        if (basicConstraints >= this.m_nCAPathLen) {
            return true;
        }
        this.m_nCAPathLen = basicConstraints;
        return true;
    }

    protected boolean checkCertUsage(X509CertificateObject x509CertificateObject, int i) {
        if (i == 1) {
            if (checkKeyUsage(x509CertificateObject, 2)) {
                return true;
            }
        } else if (i == 2 && checkKeyUsage(x509CertificateObject, 0)) {
            return true;
        }
        return false;
    }

    protected boolean checkCertificatePolicies(X509CertificateObject x509CertificateObject) {
        if (x509CertificateObject == null) {
            return false;
        }
        if (!x509CertificateObject.getExtensionCritial(X509Extension.certificatePolicies)) {
            return true;
        }
        String[] policy = x509CertificateObject.getPolicy();
        return assureCertPoliciesInPolicySet(policy, false, this.m_initialPolicySet, this.m_bInitialPolicySet_any) && intersectionAPSwithCP(this.m_acceptablePolicySet, this.m_bAcceptablePolicySet_any, policy, false);
    }

    protected boolean checkKeyUsage(X509CertificateObject x509CertificateObject, int i) {
        boolean[] keyUsage = x509CertificateObject.getKeyUsage();
        return keyUsage == null ? x509CertificateObject.getSubjectDN().getName().equalsIgnoreCase(x509CertificateObject.getIssuerDN().getName()) : keyUsage[i];
    }

    protected void checkPolicyConstraints(X509CertificateObject x509CertificateObject, int i) {
        int[] policyConstraints = x509CertificateObject.getPolicyConstraints();
        if (policyConstraints == null) {
            return;
        }
        if (policyConstraints[0] + i < this.m_nExplicitPolicy) {
            this.m_nExplicitPolicy = policyConstraints[0] + i;
        }
        if (policyConstraints[1] + i < this.m_nPolicyMapping) {
            this.m_nPolicyMapping = policyConstraints[1] + i;
        }
    }

    public void closeDirContexts() {
        for (int i = 0; i < 10; i++) {
            DirContext[] dirContextArr = this.m_dircontexts;
            if (dirContextArr[i] == null) {
                return;
            }
            LDAPUtil.closeLDAP(dirContextArr[i]);
        }
    }

    protected boolean compatibleAPSwithIPS(Vector vector, boolean z, Vector vector2, boolean z2) {
        if (z || z2) {
            return true;
        }
        if (vector == null || vector2 == null) {
            return false;
        }
        for (int i = 0; i < vector.size(); i++) {
            String str = (String) vector.get(i);
            for (int i2 = 0; i2 < vector2.size(); i2++) {
                if (str.equals((String) vector2.get(i2))) {
                    return true;
                }
            }
        }
        return false;
    }

    protected boolean extUsages(boolean[] zArr, int[] iArr) {
        for (int i : iArr) {
            if (!zArr[i]) {
                return false;
            }
        }
        return true;
    }

    public DirContext findDirContext(String str) {
        if (this.m_dircontexts == null) {
            return null;
        }
        int i = 0;
        while (true) {
            DirContext[] dirContextArr = this.m_dircontexts;
            if (i >= dirContextArr.length) {
                return null;
            }
            if (LDAPUtil.compareLDAPUrl(dirContextArr[i], str)) {
                return this.m_dircontexts[i];
            }
            i++;
        }
    }

    public String getCert3280DN() {
        return this.Cert3280DN;
    }

    public Certificate getCertificate(String str) {
        X509Certificate x509Certificate;
        X509Certificate x509Certificate2;
        try {
            int i = 0;
            if (isLocalCert(this.baseDir, str)) {
                x509Certificate2 = (X509Certificate) getLocalCert(this.baseDir, str);
                if (x509Certificate2 == null) {
                    this.strldapUrl = "";
                    String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl("ldap://ds.yessign.or.kr:389", this.convertUrl);
                    KCaseLogging.println(this.convertUrl);
                    if (divisionFromLDAPUrl == null) {
                        return null;
                    }
                    DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                    if (findDirContext == null) {
                        findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                        addDirContext(findDirContext);
                    }
                    if (findDirContext == null) {
                        return null;
                    }
                    X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(findDirContext, str);
                    if (findCertificatesFromLDAP == null) {
                        throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate1)");
                    }
                    while (i < findCertificatesFromLDAP.length && findCertificatesFromLDAP[i] == null) {
                        i++;
                    }
                    x509Certificate = findCertificatesFromLDAP[i];
                    String str2 = this.baseDir;
                    if (str2 != null) {
                        if (!setLocalCert(String.valueOf(str2) + SmartMedicUpdater.c + str, findCertificatesFromLDAP[i])) {
                            throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                        }
                    }
                }
                x509Certificate2.getSubjectDN().getName();
                return x509Certificate2;
            }
            String str3 = this.strldapUrl;
            if (str3 != null) {
                this.strldapUrl = str3;
            } else if (str.toLowerCase().endsWith("o=yessign,c=kr")) {
                this.strldapUrl = "ldap://ds.yessign.or.kr:389/";
            } else if (str.toLowerCase().endsWith("o=ncasign,c=kr")) {
                this.strldapUrl = "ldap://ds.nca.or.kr:389/";
            } else if (str.toLowerCase().endsWith("o=crosscert,c=kr")) {
                this.strldapUrl = "ldap://dir.crosscert.com:389/";
            } else if (str.toLowerCase().endsWith("o=kica,c=kr")) {
                this.strldapUrl = "ldap://ldap.signgate.com:389/";
            } else if (str.toLowerCase().endsWith("o=signkorea,c=kr")) {
                this.strldapUrl = "ldap://dir.signkorea.com:389/";
            } else if (str.toLowerCase().endsWith("o=tradesign,c=kr")) {
                this.strldapUrl = "ldap://ldap.tradesign.net:389/";
            } else if (str.toLowerCase().endsWith("o=government of korea,c=kr")) {
                this.strldapUrl = "ldap://ldap.gcc.go.kr:389/";
            } else if (str.toLowerCase().endsWith("o=dsc,c=kr")) {
                this.strldapUrl = "ldap://4.7.1.70:389/";
            }
            String str4 = this.strldapUrl;
            if (str4 == null) {
                return null;
            }
            DirContext findDirContext2 = findDirContext(str4);
            if (findDirContext2 == null) {
                findDirContext2 = LDAPUtil.createLDAP(this.strldapUrl, this.userLdapDN, this.password);
                addDirContext(findDirContext2);
            }
            if (findDirContext2 == null) {
                return null;
            }
            X509Certificate[] findCertificatesFromLDAP2 = LDAPUtil.findCertificatesFromLDAP(findDirContext2, str);
            if (findCertificatesFromLDAP2 == null) {
                throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate2)");
            }
            while (i < findCertificatesFromLDAP2.length && findCertificatesFromLDAP2[i] == null) {
                i++;
            }
            x509Certificate = findCertificatesFromLDAP2[i];
            String str5 = this.baseDir;
            if (str5 != null) {
                if (!setLocalCert(String.valueOf(str5) + SmartMedicUpdater.c + str, findCertificatesFromLDAP2[i])) {
                    throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                }
            }
            x509Certificate2 = x509Certificate;
            x509Certificate2.getSubjectDN().getName();
            return x509Certificate2;
        } catch (Exception e) {
            System.err.println("(KSign) getRootCert's Get Certificate Error : " + e.toString());
            return null;
        }
    }

    public Certificate getCertificate(String str, String str2, String str3) {
        try {
            String str4 = "ldap://" + str2 + ":" + str3;
            this.strldapUrl = str4;
            DirContext findDirContext = findDirContext(str4);
            if (findDirContext == null) {
                findDirContext = LDAPUtil.createLDAP(this.strldapUrl, this.userLdapDN, this.password);
                addDirContext(findDirContext);
            }
            if (findDirContext == null) {
                return null;
            }
            X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(findDirContext, str);
            if (findCertificatesFromLDAP == null) {
                throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate1)");
            }
            int i = 0;
            while (i < findCertificatesFromLDAP.length && findCertificatesFromLDAP[i] == null) {
                i++;
            }
            X509Certificate x509Certificate = findCertificatesFromLDAP[i];
            String str5 = this.baseDir;
            if (str5 != null) {
                if (!setLocalCert(String.valueOf(str5) + SmartMedicUpdater.c + str, findCertificatesFromLDAP[i])) {
                    throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                }
            }
            x509Certificate.getSubjectDN().getName();
            return x509Certificate;
        } catch (Exception e) {
            System.err.println("(KSign) getRootCert's Get Certificate Error : " + e.toString());
            return null;
        }
    }

    public String[] getDNfromCerts(String str) {
        Vector vector = new Vector();
        String str2 = str;
        while (true) {
            try {
                X509CertificateObject x509CertificateObject = (X509CertificateObject) getCertificate(str2);
                String name = x509CertificateObject.getIssuerDN().getName();
                String name2 = x509CertificateObject.getSubjectDN().getName();
                vector.add(name2);
                closeDirContexts();
                if (name2.equalsIgnoreCase(name)) {
                    break;
                }
                str2 = name;
            } catch (Exception e) {
                System.err.println("(KSign) getCert's Get Certificate Error : " + e.toString());
                closeDirContexts();
                return new String[]{str};
            }
        }
        Iterator it = vector.iterator();
        String[] strArr = new String[vector.size()];
        int i = 0;
        while (it.hasNext()) {
            strArr[i] = (String) it.next();
            i++;
        }
        return strArr;
    }

    public String[] getDNfromCerts(String str, String str2) {
        this.strldapUrl = str2;
        return getDNfromCerts(str);
    }

    public CRL getLocalCRL(String str, String str2) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(String.valueOf(str) + SmartMedicUpdater.c + str2, "cert.crl");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            int available = fileInputStream.available();
            byte[] bArr = new byte[available];
            fileInputStream.read(bArr, 0, available);
            fileInputStream.close();
            X509CRLObject x509CRLObject = (X509CRLObject) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new ByteArrayInputStream(bArr));
            if (x509CRLObject.checkValidity(new Date())) {
                return x509CRLObject;
            }
            return null;
        } catch (Exception e) {
            KCaseLogging.print(e);
            return null;
        }
    }

    public CRL getLocalCRL(String str, String str2, boolean z) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(String.valueOf(str) + SmartMedicUpdater.c + str2, z ? "cert.arl" : "cert.crl");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            int available = fileInputStream.available();
            byte[] bArr = new byte[available];
            fileInputStream.read(bArr, 0, available);
            fileInputStream.close();
            X509CRLObject x509CRLObject = (X509CRLObject) CertificateFactory.getInstance("X509", "Ksign").generateCRL(new ByteArrayInputStream(bArr));
            if (x509CRLObject.checkValidity(new Date())) {
                return x509CRLObject;
            }
            return null;
        } catch (Exception unused) {
            return null;
        }
    }

    public Certificate getLocalCert(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            if (!new File(str, str2).isDirectory()) {
                return null;
            }
            File file = new File(String.valueOf(str) + SmartMedicUpdater.c + str2, "cert.der");
            if (!file.isFile()) {
                return null;
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            int available = fileInputStream.available();
            byte[] bArr = new byte[available];
            fileInputStream.read(bArr, 0, available);
            fileInputStream.close();
            X509CertificateObject x509CertificateObject = (X509CertificateObject) CertificateFactory.getInstance("X509", "Ksign").generateCertificate(new ByteArrayInputStream(bArr));
            x509CertificateObject.checkValidity(new Date());
            return x509CertificateObject;
        } catch (Exception unused) {
            return null;
        }
    }

    public Certificate getRootCert(Certificate certificate) {
        X509Certificate x509Certificate;
        if (certificate == null) {
            return null;
        }
        X509Certificate x509Certificate2 = (X509Certificate) certificate;
        String name = x509Certificate2.getIssuerDN().getName();
        String name2 = x509Certificate2.getSubjectDN().getName();
        while (!name.equals(name2)) {
            try {
                int i = 0;
                if (isLocalCert(this.baseDir, name)) {
                    x509Certificate2 = (X509Certificate) getLocalCert(this.baseDir, name);
                    if (x509Certificate2 != null) {
                        continue;
                        name = x509Certificate2.getIssuerDN().getName();
                        name2 = x509Certificate2.getSubjectDN().getName();
                    } else {
                        String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl(((X509CertificateObject) x509Certificate2).getDistributionPoint(), this.convertUrl);
                        if (divisionFromLDAPUrl == null) {
                            return null;
                        }
                        DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                        if (findDirContext == null) {
                            findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                            addDirContext(findDirContext);
                        }
                        if (findDirContext == null) {
                            return null;
                        }
                        X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(findDirContext, name);
                        if (findCertificatesFromLDAP == null) {
                            throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate1)");
                        }
                        while (i < findCertificatesFromLDAP.length && findCertificatesFromLDAP[i] == null) {
                            i++;
                        }
                        x509Certificate = findCertificatesFromLDAP[i];
                        String str = this.baseDir;
                        if (str != null) {
                            if (!setLocalCert(String.valueOf(str) + SmartMedicUpdater.c + name, findCertificatesFromLDAP[i])) {
                                throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                            }
                        }
                    }
                } else {
                    String[] divisionFromLDAPUrl2 = LDAPUtil.divisionFromLDAPUrl(((X509CertificateObject) x509Certificate2).getDistributionPoint(), this.convertUrl);
                    if (divisionFromLDAPUrl2 == null) {
                        return null;
                    }
                    DirContext findDirContext2 = findDirContext(divisionFromLDAPUrl2[0]);
                    if (findDirContext2 == null) {
                        findDirContext2 = LDAPUtil.createLDAP(divisionFromLDAPUrl2[0], this.userLdapDN, this.password);
                        addDirContext(findDirContext2);
                    }
                    if (findDirContext2 == null) {
                        return null;
                    }
                    X509Certificate[] findCertificatesFromLDAP2 = LDAPUtil.findCertificatesFromLDAP(findDirContext2, name);
                    if (findCertificatesFromLDAP2 == null) {
                        throw new Exception("(KSign) getRootCert's LDAP Server something wrong.(Certificate2)");
                    }
                    while (i < findCertificatesFromLDAP2.length && findCertificatesFromLDAP2[i] == null) {
                        i++;
                    }
                    x509Certificate = findCertificatesFromLDAP2[i];
                    String str2 = this.baseDir;
                    if (str2 != null) {
                        if (!setLocalCert(String.valueOf(str2) + SmartMedicUpdater.c + name, findCertificatesFromLDAP2[i])) {
                            throw new Exception("(KSign) getRootCert's Can't write Certificate.");
                        }
                    }
                }
                x509Certificate2 = x509Certificate;
                name = x509Certificate2.getIssuerDN().getName();
                name2 = x509Certificate2.getSubjectDN().getName();
            } catch (Exception e) {
                System.err.println("(KSign) getRootCert's Get Certificate Error : " + e.toString());
                return null;
            }
        }
        return x509Certificate2;
    }

    protected boolean intersectionAPSwithCP(Vector vector, boolean z, String[] strArr, boolean z2) {
        Vector vector2 = new Vector();
        if (vector == null || strArr == null) {
            return true;
        }
        if (z) {
            vector.removeAllElements();
            for (String str : strArr) {
                vector.addElement(str);
            }
            return true;
        }
        for (int i = 0; i < vector.size(); i++) {
            String str2 = (String) vector.get(i);
            for (int i2 = 0; i2 < strArr.length; i2++) {
                if (str2.equals(strArr[i2])) {
                    vector2.addElement(strArr[i2]);
                }
            }
        }
        vector.removeAllElements();
        vector.addAll(vector2);
        return true;
    }

    protected boolean isIssueCert(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2) {
        return x509CertificateObject.getIssuerDN().getName().equals(x509CertificateObject2.getSubjectDN().getName());
    }

    protected boolean isKUsageCompatWithExtKUsage(X509CertificateObject x509CertificateObject) {
        int[] iArr = {0, 2, 4};
        int[] iArr2 = {0, 4};
        int[] iArr3 = new int[1];
        int[] iArr4 = {0, 1, 2, 4};
        int[] iArr5 = {0, 1};
        ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = (ASN1ObjectIdentifier[]) x509CertificateObject.getExtKeyUsage();
        boolean[] keyUsage = x509CertificateObject.getKeyUsage();
        for (int i = 0; i < aSN1ObjectIdentifierArr.length; i++) {
            if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_serverAuth)) {
                if (extUsages(keyUsage, iArr)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_clientAuth)) {
                if (extUsages(keyUsage, iArr2)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_codeSigning)) {
                if (extUsages(keyUsage, iArr3)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_emailProtection)) {
                if (extUsages(keyUsage, iArr4)) {
                    return true;
                }
            } else if (aSN1ObjectIdentifierArr[i].equals(KeyPurposeId.id_kp_timeStamping) && extUsages(keyUsage, iArr5)) {
                return true;
            }
        }
        return false;
    }

    public boolean isLocalCRL(String str, String str2) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return false;
            }
            StringBuilder sb = new StringBuilder(String.valueOf(str));
            sb.append(SmartMedicUpdater.c);
            sb.append(str2);
            return new File(sb.toString(), "cert.crl").isFile();
        } catch (Exception unused) {
            return false;
        }
    }

    public boolean isLocalCRL(String str, String str2, boolean z) {
        try {
            if (!new File(str, str2).isDirectory()) {
                return false;
            }
            String str3 = z ? "cert.arl" : "cert.crl";
            StringBuilder sb = new StringBuilder(String.valueOf(str));
            sb.append(SmartMedicUpdater.c);
            sb.append(str2);
            return new File(sb.toString(), str3).isFile();
        } catch (Exception unused) {
            return false;
        }
    }

    public boolean isLocalCert(String str, String str2) {
        if (str == null) {
            return false;
        }
        try {
            if (!new File(str, str2).isDirectory()) {
                return false;
            }
            StringBuilder sb = new StringBuilder(String.valueOf(str));
            sb.append(SmartMedicUpdater.c);
            sb.append(str2);
            return new File(sb.toString(), "cert.der").isFile();
        } catch (Exception unused) {
            return false;
        }
    }

    public void isLocalSaveCRL(boolean z) {
        this.isLocalSaveCRL = z;
    }

    protected boolean isNameConsistentwithNamingConstraint(X509CertificateObject x509CertificateObject) {
        return true;
    }

    protected X509Certificate obtainHigherCert(X509Certificate x509Certificate) throws Exception {
        X509Certificate x509Certificate2;
        KCaseLogging.println("obtainHigherCert : assigndCert : " + x509Certificate.getIssuerDN().getName());
        X509CertificateObject x509CertificateObject = (X509CertificateObject) x509Certificate;
        String[] divisionFromLDAPUrl = x509CertificateObject.isAuthorityInfoAccess() ? LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getAuthorityInfoAccess()) : LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint());
        String name = x509Certificate.getIssuerDN().getName();
        String name2 = x509Certificate.getSubjectDN().getName();
        if (divisionFromLDAPUrl == null && !name.equalsIgnoreCase(name2)) {
            JCEUtil.setErrorcode("50006");
            throw new NamingException("(KSign) setCertListFromLdap3280' ldapurl generate error");
        }
        KCaseLogging.println("<<KSign>> Connect url: " + divisionFromLDAPUrl[0]);
        if (!divisionFromLDAPUrl[0].startsWith(HttpHost.DEFAULT_SCHEME_NAME)) {
            if (isLocalCert(this.baseDir, name) && (x509Certificate2 = (X509Certificate) getLocalCert(this.baseDir, name)) != null) {
                return x509Certificate2;
            }
            return queryCertfromLDAP(x509Certificate, divisionFromLDAPUrl[0]);
        }
        URL url = new URL(divisionFromLDAPUrl[0]);
        KCaseLogging.println("cert url is : " + divisionFromLDAPUrl[0]);
        InputStream openStream = url.openStream();
        X509Certificate x509Certificate3 = (X509Certificate) CertificateFactory.getInstance(CryptoConst.CERT_X509, "Ksign").generateCertificate(openStream);
        openStream.close();
        return x509Certificate3;
    }

    protected X509Certificate queryCertfromLDAP(X509Certificate x509Certificate, String str) throws ValidateException, NamingException {
        KCaseLogging.println("find DirContext :: url = " + str);
        KCaseLogging.println(">>Jenny ldapUrl : " + str);
        DirContext findDirContext = findDirContext(str);
        if (findDirContext == null) {
            KCaseLogging.println("dirContext is null. ==> createLDAP :: url = [" + str + "] ,userLdapDN = [" + this.userLdapDN + "] ,password = [" + this.password + "]");
            findDirContext = LDAPUtil.createLDAP(str, this.userLdapDN, this.password);
            addDirContext(findDirContext);
        }
        if (findDirContext == null) {
            JCEUtil.setErrorcode("50031");
            throw new NamingException("(KSign) setCertListFromLdap3280's No directory server information.");
        }
        X509Certificate[] findCertificatesFromLDAP = LDAPUtil.findCertificatesFromLDAP(findDirContext, ((X509CertificateObject) x509Certificate).getIssuerDN2().getName());
        X509Certificate x509Certificate2 = null;
        int i = 0;
        while (true) {
            if (i >= findCertificatesFromLDAP.length) {
                break;
            }
            if (findCertificatesFromLDAP[i] != null) {
                x509Certificate2 = findCertificatesFromLDAP[i];
                break;
            }
            i++;
        }
        if (x509Certificate2 == null) {
            JCEUtil.setErrorcode("40015");
            throw new ValidateException("(KSign) setCertListFromLdap3280's Certificate's path building Error");
        }
        KCaseLogging.println("assigndCertDN:" + x509Certificate.getSubjectDN());
        KCaseLogging.println("higerCert" + x509Certificate2.getSubjectDN());
        String str2 = this.baseDir;
        if (str2 != null) {
            if (!setLocalCert(String.valueOf(str2) + SmartMedicUpdater.c + x509Certificate.getIssuerDN().getName(), x509Certificate2)) {
                throw new ValidateException("(KSign) setCertListFromLdap3280's Can't store Certificate.");
            }
        }
        return x509Certificate2;
    }

    public void setADLdapInfo(String str, String str2) {
        this.userLdapDN = str;
        this.password = str2;
    }

    public void setCert3280DN(String str) {
        this.Cert3280DN = str;
    }

    public boolean setInitialPolicy(String str, boolean z) {
        this.m_initialPolicySet = null;
        this.m_bInitialPolicySet_any = z;
        this.m_initialPolicySet = new Vector();
        StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
        while (stringTokenizer.hasMoreTokens()) {
            this.m_initialPolicySet.addElement(stringTokenizer.nextToken());
        }
        return true;
    }

    public boolean setLocalCRL(String str, CRL crl) throws ValidateException {
        try {
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl path is null");
            }
            if (crl == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new ValidateException("(KSign) setLocalCRL's directory generate error");
            }
            byte[] encoded = ((X509CRLObject) crl).getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str) + "/cert.crl");
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("300028");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300028");
            }
            throw new ValidateException("(KSign)  ValidateCert : setLocalCRL process Error    " + e3.toString());
        }
    }

    public boolean setLocalCRL(String str, CRL crl, boolean z) throws ValidateException {
        try {
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl path is null");
            }
            if (crl == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCRL's crl value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new ValidateException("(KSign) setLocalCRL's directory generate error");
            }
            byte[] encoded = ((X509CRLObject) crl).getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str) + (z ? "/cert.arl" : "/cert.crl"));
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("300028");
            throw new ValidateException("(KSign) ValidateCert : setLocalCRL's CRL store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300028");
            }
            throw new ValidateException("(KSign)  ValidateCert : setLocalCRL process Error    " + e3.toString());
        }
    }

    public boolean setLocalCert(String str, Certificate certificate) throws ValidateException {
        try {
            KCaseLogging.println("certPath : " + str);
            if (str == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCert's cert path is null");
            }
            if (certificate == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) setLocalCert's certificate value is null");
            }
            File file = new File(str);
            if (!file.isDirectory() && !file.mkdir()) {
                JCEUtil.setErrorcode("20005");
                throw new ValidateException("(KSign) setLocalCert's directory generate error");
            }
            byte[] encoded = certificate.getEncoded();
            FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str) + "/cert.der");
            fileOutputStream.write(encoded, 0, encoded.length);
            fileOutputStream.close();
            return true;
        } catch (FileNotFoundException e) {
            JCEUtil.setErrorcode("20004");
            throw new ValidateException("(KSign) ValidateCert : setLocalCert's certificate file generate error    " + e.toString());
        } catch (IOException e2) {
            JCEUtil.setErrorcode("40013");
            throw new ValidateException("(KSign) ValidateCert : setLocalCert's certificate store error    " + e2.toString());
        } catch (Exception e3) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("40013");
            }
            throw new ValidateException("(KSign)  ValidateCert : setLocalCert process Error    " + e3.toString());
        }
    }

    public void setValidateOption(boolean z, int i) {
        this.m_bPathValidationOp = z;
        this.m_nCrlCheckOption = i;
    }

    public boolean validateCertificateFromLDAP(Certificate[] certificateArr, int i) throws ValidateException {
        KCaseLogging.println("<<KSign>> validateCertificateFromLDAP Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateFromLDAP's input cert value is null");
            }
            X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
            KCaseLogging.println("<<KSign>> Input Cert's Subject DN : " + x509CertificateObject.getSubjectDN().getName());
            if (x509CertificateObject.isCert3280() || x509CertificateObject.isCert3280DN(x509CertificateObject.getSubjectDN().getName(), getCert3280DN())) {
                validateCertificateChain_3280(x509CertificateObject, constructCertificatChain_3280(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
                return true;
            }
            validateCertificateChain_2459(x509CertificateObject, constructCertificatChain_2459(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
            return true;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateFromLDAP's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateFromLDAP(Certificate[] certificateArr, int i, int i2) throws ValidateException {
        KCaseLogging.println("<<KSign>> validateCertificateFromLDAP Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateFromLDAP's input cert value is null");
            }
            X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
            KCaseLogging.println("<<KSign>> Input Cert's Subject DN : " + x509CertificateObject.getSubjectDN().getName());
            if (i2 == 1) {
                x509CertificateObject.checkValidity();
                return true;
            }
            if (x509CertificateObject.isCert3280() || x509CertificateObject.isCert3280DN(x509CertificateObject.getSubjectDN().getName(), getCert3280DN())) {
                validateCertificateChain_3280(x509CertificateObject, constructCertificatChain_3280(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
            } else {
                validateCertificateChain_2459(x509CertificateObject, constructCertificatChain_2459(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
            }
            closeDirContexts();
            return true;
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateFromLDAP's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateFromLDAP2(Certificate[] certificateArr, int i) throws Exception {
        X509CertificateObject x509CertificateObject = (X509CertificateObject) certificateArr[0];
        validateCertificateChain_3280(x509CertificateObject, constructCertificatChain_3280(x509CertificateObject, this.m_bPathValidationOp), this.m_bPathValidationOp, i, true);
        return true;
    }

    public boolean validateCertificateNPKI_GPKI(Certificate[] certificateArr, int i) throws ValidateException {
        KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateNPKI_GPKI's input cert value is null");
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
            for (int i2 = 0; i2 < certificateArr.length; i2++) {
                x509CertificateArr[i2] = (X509Certificate) certificateArr[i2];
            }
            KCaseLogging.println("<<KSign>> validate Certificate DN : " + x509CertificateArr[0].getSubjectDN().getName());
            boolean validateCertificateFromLDAP = validateCertificateFromLDAP(certificateArr, i);
            KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI End");
            return validateCertificateFromLDAP;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateNPKI_GPKI's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateNPKI_GPKI(Certificate[] certificateArr, String str, int i) throws ValidateException {
        KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateNPKI_GPKI's input cert value is null");
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
            for (int i2 = 0; i2 < certificateArr.length; i2++) {
                x509CertificateArr[i2] = (X509Certificate) certificateArr[i2];
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 : " + x509CertificateArr[0].getSubjectDN().getName());
            boolean validateCertificateFromLDAP = validateCertificateFromLDAP(certificateArr, i);
            KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI End(result :: " + validateCertificateFromLDAP + ")");
            return validateCertificateFromLDAP;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateNPKI_GPKI's process Error    " + e.toString());
        }
    }

    public boolean validateCertificateNPKI_GPKI(Certificate[] certificateArr, String str, int i, String str2, String str3, String str4, String str5) throws ValidateException {
        KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI Start");
        try {
            if (certificateArr == null) {
                JCEUtil.setErrorcode("20007");
                throw new ValidateException("(KSign) validateCertificateNPKI_GPKI's input cert value is null");
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
            for (int i2 = 0; i2 < certificateArr.length; i2++) {
                x509CertificateArr[i2] = (X509Certificate) certificateArr[i2];
            }
            boolean validateCertificateFromLDAP = validateCertificateFromLDAP(certificateArr, i);
            KCaseLogging.println("<<KSign>> validateCertificateNPKI_GPKI End(result :: " + validateCertificateFromLDAP + ")");
            return validateCertificateFromLDAP;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : validateCertificateNPKI_GPKI's process Error    " + e.toString());
        }
    }

    protected boolean verifyCertificate3280(X509CertificateObject x509CertificateObject, X509CertificateObject x509CertificateObject2, int i, int i2, String str) throws ValidateException {
        boolean z;
        boolean z2;
        int i3;
        X509CRL[] x509crlArr;
        boolean z3;
        X509CRLEntryObject x509CRLEntryObject;
        X509CRLEntryObject x509CRLEntryObject2;
        KCaseLogging.println("<<KSign>> verifyCertificate3280 Start");
        try {
            String name = x509CertificateObject.getIssuerDN().getName();
            String name2 = x509CertificateObject.getSubjectDN().getName();
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 " + name2);
            if (!name.equals(name2)) {
                z = false;
                z2 = false;
            } else {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new ValidateException("(KSign) 3280's Root CA Cert format Wrong");
                }
                z = true;
                z2 = true;
            }
            if (x509CertificateObject.isBasicConstraintsPathLenghtConstraint()) {
                if (!x509CertificateObject.isBasicConstraintscA()) {
                    JCEUtil.setErrorcode("50016");
                    throw new ValidateException("(KSign) 3280's CA Cert format Wrong");
                }
                z2 = true;
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 CRL �뜝�룞�삕�뜝�룞�삕 Start");
            String[] divisionFromLDAPUrl = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint(), this.convertUrl);
            if (divisionFromLDAPUrl == null && !z) {
                JCEUtil.setErrorcode("50006");
                throw new NamingException("(KSign) verifyCertificate3280's not found CRL DP's ldap-url from 3280 Cert.");
            }
            if (divisionFromLDAPUrl != null) {
                String removeDNQuotation = divisionFromLDAPUrl[1].indexOf("\"") != -1 ? removeDNQuotation(divisionFromLDAPUrl[1]) : divisionFromLDAPUrl[1].indexOf("\\") != -1 ? removeDNQuotation2(divisionFromLDAPUrl[1]) : divisionFromLDAPUrl[1];
                divisionFromLDAPUrl[0] = str;
                KCaseLogging.println("<<KSign>> CRL DP's information url    : " + divisionFromLDAPUrl[0]);
                KCaseLogging.println("<<KSign>> CRL DP's information crl dn : " + removeDNQuotation);
                int i4 = this.m_nCrlCheckOption;
                if (i4 == 0 || (!z2 && i4 == 1)) {
                    DirContext findDirContext = findDirContext(divisionFromLDAPUrl[0]);
                    boolean isLocalCRL = this.isLocalSaveCRL ? isLocalCRL(this.baseDir, removeDNQuotation) : false;
                    if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                        findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                        addDirContext(findDirContext);
                    }
                    if ((findDirContext == null && !isLocalCRL) || (findDirContext == null && this.baseDir == null)) {
                        JCEUtil.setErrorcode("50031");
                        throw new ValidateException("(KSign) verifyCertificate3280's No directory server information.");
                    }
                    String str2 = this.baseDir;
                    if (str2 == null) {
                        x509crlArr = LDAPUtil.findCRLFromLDAP(findDirContext, divisionFromLDAPUrl[1], z2);
                    } else {
                        X509CRL x509crl = this.isLocalSaveCRL ? (X509CRL) getLocalCRL(str2, removeDNQuotation) : null;
                        if (x509crl == null) {
                            if (findDirContext == null) {
                                findDirContext = LDAPUtil.createLDAP(divisionFromLDAPUrl[0], this.userLdapDN, this.password);
                                addDirContext(findDirContext);
                            }
                            x509crlArr = LDAPUtil.findCRLFromLDAP(findDirContext, divisionFromLDAPUrl[1], z2);
                            if (x509crlArr.length > 0 && this.isLocalSaveCRL) {
                                if (!setLocalCRL(String.valueOf(this.baseDir) + SmartMedicUpdater.c + removeDNQuotation, x509crlArr[0])) {
                                    throw new ValidateException("(KSign) verifyCertificate3280's CRL not store");
                                }
                            }
                        } else {
                            x509crlArr = new X509CRL[]{x509crl};
                        }
                    }
                    KCaseLogging.println("<<KSign>> crl�뜝�룞�삕 �뜝�뙥源띿삕�뜝�룞�삕 : " + x509crlArr[0].getIssuerDN().getName());
                    KCaseLogging.println("<<KSign>> CRL�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 �뜝�떎�뼲�삕�뜝�룞�삕�뜝泥댄겕 : OK");
                    if (x509crlArr.length > 0) {
                        if (((X509CRLObject) x509crlArr[0]).isIndirectCRL()) {
                            KCaseLogging.println("<<KSign> IndirectCRL true");
                            z3 = x509CertificateObject.getCRLDPcRLIssuer().equalsIgnoreCase(((X509CRLObject) x509crlArr[0]).getIssuerDN2().getName());
                        } else {
                            KCaseLogging.println("<<KSign> IndirectCRL false");
                            z3 = true;
                        }
                        if (!z3) {
                            JCEUtil.setErrorcode("300017");
                            throw new ValidateException("(KSign)verifyCertificate3280's 3280 Cert : CRL issuer something wrong");
                        }
                        KCaseLogging.println("<<KSign>> CRL �뜝�뙥源띿삕�뜝�뙓怨ㅼ삕 �뜝�떆諛붾챿�삕�뜝�룞�삕 泥댄겕 : " + z3);
                        if (x509CertificateObject.getCRLDPcRLIssuer() == null && !x509CertificateObject.getIssuerDN2().getName().equalsIgnoreCase(((X509CRLObject) x509crlArr[0]).getIssuerDN2().getName())) {
                            JCEUtil.setErrorcode("300021");
                            throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : subjectCert isser DN different CRL issuer DN");
                        }
                        KCaseLogging.println("<<KSign>> CRL �뜝�뙥源띿삕�뜝�룞�삕 DN�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
                        if (((X509CRLObject) x509crlArr[0]).getIssuingDistributionPointName() != null) {
                            if (x509CertificateObject.isCRLDPDistributionPointName()) {
                                String[] divisionFromLDAPUrl2 = LDAPUtil.divisionFromLDAPUrl(((X509CRLObject) x509crlArr[0]).getIssuingDistributionPointName());
                                String[] divisionFromLDAPUrl3 = LDAPUtil.divisionFromLDAPUrl(x509CertificateObject.getDistributionPoint());
                                if (!divisionFromLDAPUrl2[0].equalsIgnoreCase(divisionFromLDAPUrl3[0]) || !divisionFromLDAPUrl2[1].equalsIgnoreCase(divisionFromLDAPUrl3[1])) {
                                    JCEUtil.setErrorcode("300022");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 1 different IDP DistributionPointName");
                                }
                            } else if (!LDAPUtil.divisionFromLDAPUrl(((X509CRLObject) x509crlArr[0]).getIssuingDistributionPointName())[1].equalsIgnoreCase(x509CertificateObject.getCRLDPcRLIssuer())) {
                                JCEUtil.setErrorcode("300022");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : CRLIDP DistributionPointName 2 different IDP DistributionPointName");
                            }
                        }
                        KCaseLogging.println("<<KSign>> CRL�뜝�룞�삕 IDP �뜝�룞�삕�뜝�룞�삕 OK : " + ((X509CRLObject) x509crlArr[0]).getIssuingDistributionPointName());
                        if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !checkKeyUsage(x509CertificateObject2, 6)) {
                            JCEUtil.setErrorcode("300024");
                            throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : cRLSign Key usage error.");
                        }
                        KCaseLogging.println("<<KSign>> Key Usage�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
                        int i5 = this.m_nCrlCheckOption;
                        if (i5 == 1) {
                            if (!z2) {
                                ((X509CRLObject) x509crlArr[0]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
                            }
                        } else if (i5 == 0) {
                            ((X509CRLObject) x509crlArr[0]).verify(x509CertificateObject2.getPublicKey(), "Ksign");
                        }
                        KCaseLogging.println("<<KSign>> ARL/CRL�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK ");
                        int i6 = this.m_nCrlCheckOption;
                        if (i6 == 1) {
                            if (!z2) {
                                if (((X509CRLObject) x509crlArr[0]).isRevoked(x509CertificateObject)) {
                                    JCEUtil.setErrorcode("50010");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked");
                                }
                                if (x509CertificateObject.getCRLDPcRLIssuer() != null && (x509CRLEntryObject2 = (X509CRLEntryObject) ((X509CRLObject) x509crlArr[0]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) != null && !x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject2.getcertificateIssuer())) {
                                    JCEUtil.setErrorcode("300025");
                                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
                                }
                            }
                        } else if (i6 == 0) {
                            if (((X509CRLObject) x509crlArr[0]).isRevoked(x509CertificateObject)) {
                                JCEUtil.setErrorcode("50010");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : This Certificate3280 is revoked");
                            }
                            if (x509CertificateObject.getCRLDPcRLIssuer() != null && (x509CRLEntryObject = (X509CRLEntryObject) ((X509CRLObject) x509crlArr[0]).getRevokedCertificate(x509CertificateObject.getSerialNumber())) != null && !x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(x509CRLEntryObject.getcertificateIssuer())) {
                                JCEUtil.setErrorcode("300025");
                                throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert : Cert's Issuer DN value and CRL Entry Extensions's certificateIssuer something wrong");
                            }
                        }
                        KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�떗�뼲�삕�뜝�룞�삕");
                    }
                }
            }
            if (this.m_bPathValidationOp) {
                x509CertificateObject.verify(x509CertificateObject2.getPublicKey(), "Ksign");
            }
            x509CertificateObject.checkValidity();
            if (this.m_bPathValidationOp && !z && !isCertIssuedbyIssuerCert(x509CertificateObject, x509CertificateObject2)) {
                JCEUtil.setErrorcode("50011");
                throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert is not Issuer 3280 Cert Error!!! ");
            }
            KCaseLogging.println("<<KSign>> �뜝�뜦蹂� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (!z) {
                checkPermittedDN(this.permittedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
                checkExcludedDN(this.excludedSubtreesDN, x509CertificateObject.getSubjectDN().getName());
                if (x509CertificateObject.getSANSubjectAltName() != null) {
                    if (x509CertificateObject.getSubjectAlternativeNamerfc822Name() != null) {
                        checkPermittedrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                        checkExcludedrfc822Name(this.excludedSubtreesrfc822Name, x509CertificateObject.getSubjectAlternativeNamerfc822Name());
                    } else if (x509CertificateObject.getSubjectAlternativeNamedNSName() != null) {
                        checkPermitteddNSName(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                        checkExcludeddNSName(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNamedNSName());
                    } else if (x509CertificateObject.getSubjectAlternativeNameDN() != null) {
                        checkPermittedDN(this.permittedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                        checkExcludedDN(this.excludedSubtreesDN, x509CertificateObject.getSubjectAlternativeNameDN());
                    }
                }
            }
            KCaseLogging.println("<<KSign>> Root CA �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�뜫媛��뜝�룞�삕 �뜝�룞�삕移��뜝�룞�삕�뜝�룞�삕 & �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕移� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (!z2) {
                if (x509CertificateObject.getPolicy() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's policy is null");
                }
                if (!checkCertificatePolicies3280(x509CertificateObject)) {
                    JCEUtil.setErrorcode("50013");
                    throw new ValidateException("(KSign) verifyCertificate3280's : Subject 3280 Cert's Mismatched certificate policy.");
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�슚�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕梨끻뜝�룞�삕 泥섇뜝�룞�삕 OK");
            if (x509CertificateObject.getPolicyMappings() != null) {
                for (int i7 = 0; i7 < x509CertificateObject.getPolicyMappings().length; i7++) {
                    if ("2.5.29.32.0".equals(x509CertificateObject.getPolicyMappings()[i7].toString())) {
                        JCEUtil.setErrorcode("300026");
                        throw new ValidateException("(KSign) verifyCertificate3280's : 3280 Cert's IssuerDomainPolicy && SubjectDomainPolicy is anyPolicy");
                    }
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕梨� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (x509CertificateObject.getNameConstraintPermittedSubtrees() != null) {
                int subjectAlternativeNameflag = x509CertificateObject.getSubjectAlternativeNameflag();
                if (subjectAlternativeNameflag == 2) {
                    this.permittedSubtreesrfc822Name = intersectrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                } else if (subjectAlternativeNameflag == 3) {
                    this.permittedSubtreesdNSName = intersectdNSName(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                } else if (subjectAlternativeNameflag == 5) {
                    this.permittedSubtreesDN = intersectDN(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                }
            }
            if (x509CertificateObject.getNameConstraintsExcludedSubtrees() != null) {
                int subjectAlternativeNameflag2 = x509CertificateObject.getSubjectAlternativeNameflag();
                if (subjectAlternativeNameflag2 == 2) {
                    this.excludedSubtreesrfc822Name = unionrfc822Name(this.permittedSubtreesrfc822Name, x509CertificateObject.getNameConstraintPermittedSubtrees());
                } else if (subjectAlternativeNameflag2 == 3) {
                    this.excludedSubtreesdNSName = uniondNSName(this.permittedSubtreesdNSName, x509CertificateObject.getNameConstraintPermittedSubtrees());
                } else if (subjectAlternativeNameflag2 == 5) {
                    this.excludedSubtreesDN = unionDN(this.permittedSubtreesDN, x509CertificateObject.getNameConstraintPermittedSubtrees());
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕移� �뜝�룞�삕�뜝�룞�삕 �뜝�룞�삕�뜝�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�뜾�꽕�뜝�룞�삕 OK");
            if (!z) {
                int i8 = this.explicitPolicy;
                if (i8 != 0) {
                    this.explicitPolicy = i8 - 1;
                }
                int i9 = this.policyMapping;
                if (i9 != 0) {
                    this.policyMapping = i9 - 1;
                }
                int i10 = this.inhibitAnyPolicy;
                if (i10 != 0) {
                    this.inhibitAnyPolicy = i10 - 1;
                }
                if (x509CertificateObject.isPolicyConstraintsRep() && x509CertificateObject.getPolicyConstraintsRep() < this.explicitPolicy) {
                    this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
                }
            }
            KCaseLogging.println("<<KSign>> �뜝�룞�삕梨끻뜝�룞�삕�뜝�뜝�룞�삕�뜝�듅釉앹삕�뜝�룞�삕�뜝�룞�삕�뜝�룞�삕 �뜝�뜾�꽕�뜝�룞�삕 OK");
            if (!z) {
                int i11 = this.maxPathLenght;
                if (i11 > 0) {
                    this.maxPathLenght = i11 - 1;
                }
                if (x509CertificateObject.isBasicConstraintsPathLenghtConstraint() && x509CertificateObject.getBasicConstraintsPathLenghtConstraint() < this.maxPathLenght) {
                    this.maxPathLenght = x509CertificateObject.getBasicConstraintsPathLenghtConstraint();
                }
            }
            if (z2) {
                if (!z && !x509CertificateObject.getExtensionCritial(X509Extension.keyUsage)) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 CA Cert�뜝�룞�삕 key usage is null");
                }
                if (x509CertificateObject.getExtensionCritial(X509Extension.keyUsage) && !checkKeyUsage(x509CertificateObject, 5)) {
                    JCEUtil.setErrorcode("300023");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert CA's  Key usage's is not keyCertSign value");
                }
            } else if (i != 4) {
                if (x509CertificateObject.getKeyUsage() == null) {
                    JCEUtil.setErrorcode("20007");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage field is null.");
                }
                if (!checkCertUsage(x509CertificateObject, i)) {
                    JCEUtil.setErrorcode("50023");
                    throw new ValidateException("(KSign) verifyCertificate3280's 3280 Cert's Key usage error.");
                }
            }
            KCaseLogging.println("<KSign> key usage �솗�뜝�룞�삕 �뜝�떗�뱶媛� KeyCertSign �뜝�룞�삕�듃�뜝�룞�삕 �뜝�룞�삕�뜝�룞�삕 OK");
            if (!z && (i3 = this.explicitPolicy) != 0) {
                this.explicitPolicy = i3 - 1;
            }
            if (x509CertificateObject.isPolicyConstraintsRep() && x509CertificateObject.getPolicyConstraintsRep() < this.explicitPolicy) {
                this.explicitPolicy = x509CertificateObject.getPolicyConstraintsRep();
            }
            KCaseLogging.println("<<KSign>> verifyCertificate3280 End");
            KCaseLogging.println("<<KSign>> verifyCertificate3280 End");
            return true;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("300032");
            }
            throw new ValidateException("(KSign) ValidateCert : verifyCertificate3280's process Error    " + e.toString());
        }
    }
}
