package kz.gov.pki.provider.utils.verifier;

import java.io.IOException;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import kz.gov.pki.kalkan.asn1.x509.X509Name;
import kz.gov.pki.kalkan.exception.KalkanException;
import kz.gov.pki.kalkan.exception.OCSPCode;
import kz.gov.pki.kalkan.jce.exception.ExtCertPathValidatorException;
import kz.gov.pki.kalkan.ocsp.CertificateStatus;
import kz.gov.pki.kalkan.ocsp.OCSPException;
import kz.gov.pki.kalkan.ocsp.RevokedStatus;
import kz.gov.pki.kalkan.ocsp.UnknownStatus;
import kz.gov.pki.kalkan.util.encoders.Hex;
import kz.gov.pki.provider.exception.ProviderUtilException;
import kz.gov.pki.provider.exception.ProviderUtilExceptionCode;
import kz.gov.pki.provider.utils.OCSPUtil;
import kz.gov.pki.provider.utils.PKIXUtil;
import kz.gov.pki.provider.utils.X509Util;
import kz.gov.pki.reference.KNCACertificateType;
import kz.gov.pki.reference.KNCAOids;
import kz.gov.pki.reference.KNCAServiceRequestMethod;
import kz.gov.pki.reference.KalkanHashAlgorithm;

/* loaded from: input_file:kz/gov/pki/provider/utils/verifier/Verifier.class */
public class Verifier {
    public static VerifyX509CertifcateResult verifyX509Certificate(X509Certificate x509Certificate, Collection<X509Certificate> collection, VerifierFlags verifierFlags) throws CertificateParsingException, CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException, ProviderUtilException, InvalidAlgorithmParameterException, CertPathBuilderException {
        return verifyX509Certificate(x509Certificate, collection, null, verifierFlags);
    }

    public static VerifyX509CertifcateResult verifyX509Certificate(X509Certificate x509Certificate, Collection<X509Certificate> collection, Collection<X509CRL> collection2, VerifierFlags verifierFlags) throws CertificateParsingException, CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException, ProviderUtilException, InvalidAlgorithmParameterException, CertPathBuilderException {
        VerifierResult verifyChain;
        VerifyX509CertifcateResult verifyX509CertifcateResult = new VerifyX509CertifcateResult();
        X509Name subjectDN = X509Util.getSubjectDN(x509Certificate);
        X509Name issuerDN = X509Util.getIssuerDN(x509Certificate);
        verifyX509CertifcateResult.setX509Certificate(x509Certificate);
        verifyX509CertifcateResult.setListExtKeyUsageOid(x509Certificate.getExtendedKeyUsage());
        verifyX509CertifcateResult.setSubjectDN(subjectDN.toString());
        verifyX509CertifcateResult.setIssuerDN(issuerDN.toString());
        verifyX509CertifcateResult.setIssuerCommonName(X509Util.getRdn(issuerDN, X509Name.CN, 0));
        verifyX509CertifcateResult.setMapRdnOidValue(X509Util.getRDNMapWithArrayValues(subjectDN));
        verifyX509CertifcateResult.setSerialNumber(x509Certificate.getSerialNumber().toString(16));
        verifyX509CertifcateResult.setAuthorityKeyIdentifier(Hex.encodeStr(X509Util.getAuthorityKeyIdentifier(x509Certificate)));
        verifyX509CertifcateResult.setSubjectKeyIdentifier(X509Util.getKeyId(x509Certificate));
        verifyX509CertifcateResult.setCurrentVerificationType(verifierFlags.getCurrentVerificationType());
        verifyX509CertifcateResult.setSetKNCACertificateType(X509Util.getKNCACertificateType(x509Certificate));
        String iin = verifyX509CertifcateResult.getIin();
        String bin = verifyX509CertifcateResult.getBin();
        verifyX509CertifcateResult.setPersonCert(X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_PERSON));
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_TYPE_AUTHENTICATION)) {
            verifyX509CertifcateResult.addVerifierResult(verifyKNCACertificateTypeAuthentication(x509Certificate, verifyX509CertifcateResult.getSetKNCACertificateType()));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_TYPE_SIGNATURE)) {
            verifyX509CertifcateResult.addVerifierResult(verifyKNCACertificateTypeSignature(x509Certificate, verifyX509CertifcateResult.getSetKNCACertificateType()));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_ADMINISTRATOR)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCAAdministrator(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_MANAGER)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCAManager(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_OPERATOR)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCAOperator(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_COMPANY_HEAD)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCACompanyHead(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_KNCA_USER)) {
            verifyX509CertifcateResult.addVerifierResult(verifyKNCAUser(x509Certificate, verifyX509CertifcateResult.getAuthorityKeyIdentifier(), iin, bin));
        }
        if (verifyX509CertifcateResult.isValid() && (verifyChain = verifyChain(x509Certificate, collection, collection2, verifierFlags)) != null) {
            verifyX509CertifcateResult.addVerifierResult(verifyChain);
        }
        return verifyX509CertifcateResult;
    }

    @Deprecated
    public static VerifyX509CertifcateResult verifyX509Certificate(X509Certificate x509Certificate, Map<String, X509Certificate> map, Provider provider, URL url, VerifierFlags verifierFlags) throws CertificateParsingException, CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException, OCSPException, ProviderUtilException {
        VerifyX509CertifcateResult verifyX509CertifcateResult = new VerifyX509CertifcateResult();
        X509Name subjectDN = X509Util.getSubjectDN(x509Certificate);
        X509Name issuerDN = X509Util.getIssuerDN(x509Certificate);
        verifyX509CertifcateResult.setX509Certificate(x509Certificate);
        verifyX509CertifcateResult.setListExtKeyUsageOid(x509Certificate.getExtendedKeyUsage());
        verifyX509CertifcateResult.setSubjectDN(subjectDN.toString());
        verifyX509CertifcateResult.setIssuerDN(issuerDN.toString());
        verifyX509CertifcateResult.setIssuerCommonName(X509Util.getRdn(issuerDN, X509Name.CN, 0));
        verifyX509CertifcateResult.setMapRdnOidValue(X509Util.getRDNMapWithArrayValues(subjectDN));
        verifyX509CertifcateResult.setSerialNumber(x509Certificate.getSerialNumber().toString(16));
        verifyX509CertifcateResult.setAuthorityKeyIdentifier(Hex.encodeStr(X509Util.getAuthorityKeyIdentifier(x509Certificate)));
        verifyX509CertifcateResult.setSubjectKeyIdentifier(X509Util.getKeyId(x509Certificate));
        verifyX509CertifcateResult.setCurrentVerificationType(verifierFlags.getCurrentVerificationType());
        verifyX509CertifcateResult.setSetKNCACertificateType(X509Util.getKNCACertificateType(x509Certificate));
        String iin = verifyX509CertifcateResult.getIin();
        String bin = verifyX509CertifcateResult.getBin();
        if (X509Util.isExCaCert(x509Certificate)) {
            verifyX509CertifcateResult.setPersonCert(bin == null);
        } else {
            verifyX509CertifcateResult.setPersonCert(X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_PERSON));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_TIME_VALIDITY)) {
            verifyX509CertifcateResult.addVerifierResult(verifyTimeValidity(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_TYPE_AUTHENTICATION)) {
            verifyX509CertifcateResult.addVerifierResult(verifyKNCACertificateTypeAuthentication(x509Certificate, verifyX509CertifcateResult.getSetKNCACertificateType()));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_TYPE_SIGNATURE)) {
            verifyX509CertifcateResult.addVerifierResult(verifyKNCACertificateTypeSignature(x509Certificate, verifyX509CertifcateResult.getSetKNCACertificateType()));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_ADMINISTRATOR)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCAAdministrator(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_MANAGER)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCAManager(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_OPERATOR)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCAOperator(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_COMPANY_HEAD)) {
            verifyX509CertifcateResult.addVerifierResult(verifyExtKeyUsageKNCACompanyHead(x509Certificate));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_KNCA_USER)) {
            verifyX509CertifcateResult.addVerifierResult(verifyKNCAUser(x509Certificate, verifyX509CertifcateResult.getAuthorityKeyIdentifier(), iin, bin));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CHAIN)) {
            verifyX509CertifcateResult.addVerifierResult(verifyChain(x509Certificate, map, verifyX509CertifcateResult.getAuthorityKeyIdentifier(), provider, verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_CACERT_TIME_VALIDITY)));
        }
        if (verifyX509CertifcateResult.isValid() && verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_OCSP_STATUS)) {
            verifyX509CertifcateResult.addVerifierResult(verifyOCSPStatus(x509Certificate, map, verifyX509CertifcateResult.getAuthorityKeyIdentifier(), provider, url));
        }
        return verifyX509CertifcateResult;
    }

    public static VerifierResult verifyTimeValidity(X509Certificate x509Certificate) {
        VerifierResult verifierResult;
        try {
            x509Certificate.checkValidity();
            verifierResult = new VerifierResult(VerifierType.X509CERTIFICATE_TIME_VALIDITY, VerifierResultCode.SUCCESS);
        } catch (CertificateExpiredException e) {
            verifierResult = new VerifierResult(VerifierType.X509CERTIFICATE_TIME_VALIDITY, VerifierResultCode.X509CERTIFICATE_VALIDITY_EXPIRED);
        } catch (CertificateNotYetValidException e2) {
            verifierResult = new VerifierResult(VerifierType.X509CERTIFICATE_TIME_VALIDITY, VerifierResultCode.X509CERTIFICATE_VALIDITY_NOT_YET_VALID);
        }
        return verifierResult;
    }

    public static VerifierResult verifyExtKeyUsageKNCAAdministrator(X509Certificate x509Certificate) throws CertificateParsingException {
        return X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_ADMINISTRATOR) ? new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_ADMINISTRATOR, VerifierResultCode.SUCCESS) : new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_ADMINISTRATOR, VerifierResultCode.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_ADMINISTRATOR_FAIL);
    }

    public static VerifierResult verifyKNCACertificateTypeSignature(X509Certificate x509Certificate, Set<KNCACertificateType> set) throws IOException, ProviderUtilException, CertificateParsingException {
        if (set == null) {
            set = X509Util.getKNCACertificateType(x509Certificate);
        }
        return set.contains(KNCACertificateType.SIGNATURE) ? new VerifierResult(VerifierType.X509CERTIFICATE_TYPE_SIGNATURE, VerifierResultCode.SUCCESS) : new VerifierResult(VerifierType.X509CERTIFICATE_TYPE_SIGNATURE, VerifierResultCode.X509CERTIFICATE_TYPE_SIGNATURE_FAIL);
    }

    public static VerifierResult verifyKNCACertificateTypeAuthentication(X509Certificate x509Certificate, Set<KNCACertificateType> set) throws IOException, ProviderUtilException, CertificateParsingException {
        if (set == null) {
            set = X509Util.getKNCACertificateType(x509Certificate);
        }
        return set.contains(KNCACertificateType.AUTHENTICATION) ? new VerifierResult(VerifierType.X509CERTIFICATE_TYPE_AUTHENTICATION, VerifierResultCode.SUCCESS) : new VerifierResult(VerifierType.X509CERTIFICATE_TYPE_AUTHENTICATION, VerifierResultCode.X509CERTIFICATE_TYPE_AUTHENTICATION_FAIL);
    }

    public static VerifierResult verifyExtKeyUsageKNCAManager(X509Certificate x509Certificate) throws CertificateParsingException {
        return X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_MANAGER) ? new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_MANAGER, VerifierResultCode.SUCCESS) : new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_MANAGER, VerifierResultCode.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_MANAGER_FAIL);
    }

    public static VerifierResult verifyExtKeyUsageKNCAOperator(X509Certificate x509Certificate) throws CertificateParsingException {
        return X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_OPERATOR) ? new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_OPERATOR, VerifierResultCode.SUCCESS) : new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_OPERATOR, VerifierResultCode.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_OPERATOR_FAIL);
    }

    public static VerifierResult verifyExtKeyUsageKNCACompanyHead(X509Certificate x509Certificate) throws CertificateParsingException {
        return X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_COMPANY_HEAD) ? new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_COMPANY_HEAD, VerifierResultCode.SUCCESS) : new VerifierResult(VerifierType.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_COMPANY_HEAD, VerifierResultCode.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_COMPANY_HEAD_FAIL);
    }

    public static VerifierResult verifyKNCAUser(X509Certificate x509Certificate, String str, String str2, String str3) throws CertificateParsingException {
        boolean z = false;
        boolean z2 = false;
        if (X509Util.isExCaCert(x509Certificate)) {
            z2 = (str3 == null || str3.isEmpty()) ? false : true;
            boolean z3 = !z2;
        } else {
            if (X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_PERSON)) {
                z = true;
            }
            if (X509Util.containsExtKeyUsage(x509Certificate, KNCAOids.KNCA_COMPANY)) {
                z2 = true;
            }
            if (z && z2) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_KNCA_USER, VerifierResultCode.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_BOTH_PERSON_COMPANY);
            }
            if (!z2 && !z) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_KNCA_USER, VerifierResultCode.X509CERTIFICATE_CONTAINS_EXT_KEY_USAGE_KNCA_NONE_PERSON_COMPANY);
            }
        }
        return (str2 == null || str2.isEmpty()) ? new VerifierResult(VerifierType.X509CERTIFICATE_KNCA_USER, VerifierResultCode.X509CERTIFICATE_CONTAINS_NONE_RDN_SERIALNUMBER) : (z2 && (str3 == null || str3.isEmpty())) ? new VerifierResult(VerifierType.X509CERTIFICATE_KNCA_USER, VerifierResultCode.X509CERTIFICATE_CONTAINS_NONE_RDN_OU) : new VerifierResult(VerifierType.X509CERTIFICATE_KNCA_USER, VerifierResultCode.SUCCESS);
    }

    @Deprecated
    public static VerifierResult verifyChain(X509Certificate x509Certificate, Map<String, X509Certificate> map, String str, Provider provider, boolean z) throws IOException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, ProviderUtilException {
        X509Certificate x509Certificate2;
        X509Certificate x509Certificate3 = null;
        String str2 = null;
        String str3 = null;
        do {
            x509Certificate3 = x509Certificate3 == null ? x509Certificate : map.get(str2);
            str2 = str2 == null ? str : str3;
            x509Certificate2 = map.get(str2);
            if (x509Certificate2 == null) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_CHAIN, VerifierResultCode.CA_CERT_NOT_FOUND);
            }
            try {
                str3 = Hex.encodeStr(X509Util.getAuthorityKeyIdentifier(x509Certificate2));
            } catch (ProviderUtilException e) {
                if (e.getCode().equals(ProviderUtilExceptionCode.EXTENSION_NOT_FOUND)) {
                    str3 = str2;
                }
            }
            if (z) {
                try {
                    x509Certificate2.checkValidity();
                } catch (CertificateExpiredException e2) {
                    return new VerifierResult(VerifierType.X509CERTIFICATE_CHAIN, VerifierResultCode.CA_CERT_VALIDITY_EXPIRED);
                } catch (CertificateNotYetValidException e3) {
                    return new VerifierResult(VerifierType.X509CERTIFICATE_CHAIN, VerifierResultCode.CA_CERT_VALIDITY_NOT_YET_VALID);
                }
            }
            try {
                x509Certificate3.verify(x509Certificate2.getPublicKey(), provider.getName());
            } catch (InvalidKeyException | SignatureException e4) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_CHAIN, VerifierResultCode.X509CERTIFICATE_INVALID_CHAIN);
            }
        } while (!x509Certificate3.equals(x509Certificate2));
        return new VerifierResult(VerifierType.X509CERTIFICATE_CHAIN, VerifierResultCode.SUCCESS);
    }

    public static VerifierResult verifyChain(X509Certificate x509Certificate, Collection<X509Certificate> collection, Collection<X509CRL> collection2, VerifierFlags verifierFlags) throws CertPathBuilderException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, ProviderUtilException {
        try {
            if (verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_VALIDITY_ALLOW_EXPIRED)) {
                new PKIXUtil(x509Certificate, collection).allowExpired().validate();
                return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY_ALLOW_EXPIRED, VerifierResultCode.SUCCESS);
            }
            if (verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_VALIDITY_WITH_STATUS)) {
                PKIXUtil pKIXUtil = new PKIXUtil(x509Certificate, collection);
                (collection2 == null ? pKIXUtil.withOCSP() : pKIXUtil.withCRL(collection2)).validate();
                return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY_WITH_STATUS, VerifierResultCode.SUCCESS);
            }
            if (!verifierFlags.containsVerifierType(VerifierType.X509CERTIFICATE_VALIDITY)) {
                return null;
            }
            new PKIXUtil(x509Certificate, collection).validate();
            return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.SUCCESS);
        } catch (ProviderUtilException e) {
            if (e.getCause() != null && (e.getCause() instanceof CertPathBuilderException)) {
                CertPathBuilderException certPathBuilderException = (CertPathBuilderException) e.getCause();
                if (certPathBuilderException.getCause() != null && (certPathBuilderException.getCause() instanceof ExtCertPathValidatorException)) {
                    ExtCertPathValidatorException extCertPathValidatorException = (ExtCertPathValidatorException) certPathBuilderException.getCause();
                    if (extCertPathValidatorException.getCause() != null && (extCertPathValidatorException.getCause() instanceof CertificateExpiredException)) {
                        return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_VALIDITY_EXPIRED);
                    }
                    if (extCertPathValidatorException.getCause() != null && (extCertPathValidatorException.getCause() instanceof CertificateNotYetValidException)) {
                        return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_VALIDITY_NOT_YET_VALID);
                    }
                    if (extCertPathValidatorException.getCause() != null && (extCertPathValidatorException.getCause() instanceof CertPathValidatorException)) {
                        CertPathValidatorException certPathValidatorException = (CertPathValidatorException) extCertPathValidatorException.getCause();
                        if (certPathValidatorException.getCause() != null && (certPathValidatorException.getCause() instanceof KalkanException)) {
                            KalkanException kalkanException = (KalkanException) certPathValidatorException.getCause();
                            if (kalkanException.getErrorCode().equals(OCSPCode.STATUS_REVOKED)) {
                                return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_OCSP_STATUS_REVOKED);
                            }
                            if (kalkanException.getErrorCode().equals(OCSPCode.STATUS_UNKNOWN)) {
                                return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_OCSP_STATUS_UNKNOWN);
                            }
                            if (kalkanException.getErrorCode().equals(OCSPCode.NONCES_NOT_EQUAL)) {
                                return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_OCSP_NOT_EQUAL_NONCES);
                            }
                            if (kalkanException.getErrorCode().equals(OCSPCode.OCSP_RESP_NOT_VERIFIED)) {
                                return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_OCSP_RESPONSE_NOT_VERIFIED);
                            }
                        }
                    }
                    if (extCertPathValidatorException.getCause() != null && (extCertPathValidatorException.getCause() instanceof InvalidKeyException)) {
                        return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_INVALID_CHAIN);
                    }
                }
            }
            if (e.getCode().equals(ProviderUtilExceptionCode.ISSUER_CERT_NOT_FOUND)) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_VALIDITY, VerifierResultCode.X509CERTIFICATE_INVALID_CHAIN);
            }
            throw e;
        }
    }

    @Deprecated
    public static VerifierResult verifyOCSPStatus(X509Certificate x509Certificate, Map<String, X509Certificate> map, String str, Provider provider, URL url) throws IOException, OCSPException, NoSuchProviderException {
        try {
            CertificateStatus verify = OCSPUtil.verify(x509Certificate, map.get(str), url, KalkanHashAlgorithm.HASH_SHA1, KNCAServiceRequestMethod.GET, false, provider);
            if (verify == null) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_OCSP_STATUS, VerifierResultCode.SUCCESS);
            }
            if ((verify instanceof RevokedStatus) && ((RevokedStatus) verify).hasRevocationReason()) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_OCSP_STATUS, VerifierResultCode.X509CERTIFICATE_OCSP_STATUS_REVOKED);
            }
            if (verify instanceof UnknownStatus) {
                return new VerifierResult(VerifierType.X509CERTIFICATE_OCSP_STATUS, VerifierResultCode.X509CERTIFICATE_OCSP_STATUS_UNKNOWN);
            }
            throw new OCSPException("Unknown status");
        } catch (ProviderUtilException e) {
            return e.getCode().equals(ProviderUtilExceptionCode.OCSP_NOT_EQUAL_NONCES) ? new VerifierResult(VerifierType.X509CERTIFICATE_OCSP_STATUS, VerifierResultCode.X509CERTIFICATE_OCSP_NOT_EQUAL_NONCES) : new VerifierResult(VerifierType.X509CERTIFICATE_OCSP_STATUS, VerifierResultCode.X509CERTIFICATE_OCSP_RESPONSE_NOT_VERIFIED);
        }
    }
}
