package ru.CryptoPro.reprov.certpath;

import java.io.IOException;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.cl_9;
import ru.CryptoPro.reprov.x509.PKIXExtensions;
import ru.CryptoPro.reprov.x509.X500Principal;

/* loaded from: classes5.dex */
public final class SunCertPathBuilder extends CertPathBuilderSpi {
    private PKIXBuilderParameters a;
    private CertificateFactory b;
    private boolean c = false;
    private X500Principal d;
    private PolicyNode e;
    private TrustAnchor f;
    private PublicKey g;
    private X509CertSelector h;
    private List i;
    private boolean j;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public class CertStoreComparator implements Comparator {
        private CertStoreComparator() {
        }

        @Override // java.util.Comparator
        public int compare(CertStore certStore, CertStore certStore2) {
            return Builder.a(certStore) ? -1 : 1;
        }
    }

    public SunCertPathBuilder() throws CertPathBuilderException {
        this.j = false;
        try {
            this.b = CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME);
            this.j = ((Boolean) AccessController.doPrivileged(new GetBooleanSecurityPropertyAction("com.sun.security.onlyCheckRevocationOfEECert"))).booleanValue();
        } catch (CertificateException e) {
            throw new CertPathBuilderException(e);
        }
    }

    private CertPathBuilderResult a(boolean z, boolean z2, List list) throws CertPathBuilderException {
        this.c = false;
        this.f = null;
        this.g = null;
        this.e = null;
        LinkedList linkedList = new LinkedList();
        try {
            if (z) {
                a(list, linkedList, z2);
            } else {
                a(list, linkedList);
            }
            try {
                if (!this.c) {
                    return null;
                }
                JCPLogger.finer("SunCertPathBuilder.engineBuild() pathCompleted");
                Collections.reverse(linkedList);
                return new JCPCertPathBuilderResult(this.b.generateCertPath(linkedList), this.f, this.e, this.g, new AdjacencyList(list));
            } catch (Exception e) {
                JCPLogger.fine("SunCertPathBuilder.engineBuild() exception in wrap-up", (Throwable) e);
                throw new JCPCertPathBuilderException("unable to find valid certification path to requested target", e, new AdjacencyList(list));
            }
        } catch (Exception e2) {
            JCPLogger.fine("SunCertPathBuilder.engineBuild() exception in build");
            throw new JCPCertPathBuilderException("unable to find valid certification path to requested target", e2, new AdjacencyList(list));
        }
    }

    private List a(Collection collection, List list) {
        List list2 = (List) list.get(list.size() - 1);
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            list2.add(new Vertex((X509Certificate) it.next()));
        }
        return list2;
    }

    private X500Principal a(List list, X509CertSelector x509CertSelector) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                Collection<? extends Certificate> certificates = ((CertStore) it.next()).getCertificates(x509CertSelector);
                if (certificates.isEmpty()) {
                    continue;
                } else {
                    X509Certificate x509Certificate = (X509Certificate) certificates.iterator().next();
                    if (x509Certificate.getSubjectX500Principal() != null) {
                        return new X500Principal(x509Certificate.getSubjectX500Principal().getEncoded());
                    }
                    continue;
                }
            } catch (CertStoreException e) {
                JCPLogger.warning("SunCertPathBuilder.getTargetSubjectDN: non-fatal exception retrieving certs: ", (Throwable) e);
            }
        }
        return null;
    }

    private void a(List list, LinkedList linkedList) throws Exception {
        JCPLogger.finer("SunCertPathBuilder.buildReverse()...");
        JCPLogger.finer("SunCertPathBuilder.buildReverse() InitialPolicies: ", this.a.getInitialPolicies());
        ReverseState reverseState = new ReverseState();
        list.clear();
        list.add(new LinkedList());
        Iterator<TrustAnchor> it = this.a.getTrustAnchors().iterator();
        do {
            if (it.hasNext()) {
                TrustAnchor next = it.next();
                if (a(next, this.h)) {
                    this.f = next;
                    this.c = true;
                    this.g = next.getTrustedCert().getPublicKey();
                } else {
                    reverseState.initState(this.a.getMaxPathLength(), this.a.isExplicitPolicyRequired(), this.a.isPolicyMappingInhibited(), this.a.isAnyPolicyInhibited(), this.a.getCertPathCheckers());
                    reverseState.updateState(next);
                    reverseState.crlChecker = new CrlRevocationChecker(null, this.a, null, this.j);
                    reverseState.l = new AlgorithmChecker(next);
                    reverseState.m = new UntrustedChecker();
                    try {
                        a((X500Principal) null, reverseState, new ReverseBuilder(this.a, this.d), list, linkedList);
                    } catch (Exception e) {
                    }
                }
            }
            JCPLogger.finer("SunCertPathBuilder.buildReverse() returned from depthFirstSearchReverse()");
            JCPLogger.finer("SunCertPathBuilder.buildReverse() certPathList.size: ", Integer.valueOf(linkedList.size()));
            return;
        } while (it.hasNext());
        throw e;
    }

    private void a(List list, LinkedList linkedList, boolean z) throws GeneralSecurityException, IOException {
        JCPLogger.finer("SunCertPathBuilder.buildForward()...");
        ForwardState forwardState = new ForwardState();
        forwardState.initState(this.a.getCertPathCheckers());
        list.clear();
        list.add(new LinkedList());
        forwardState.crlChecker = new CrlRevocationChecker(null, this.a, null, this.j);
        forwardState.e = new UntrustedChecker();
        a(this.d, forwardState, new ForwardBuilder(this.a, this.d, z, this.j), list, linkedList);
    }

    private boolean a(TrustAnchor trustAnchor, X509CertSelector x509CertSelector) {
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        if (trustedCert != null) {
            return x509CertSelector.match(trustedCert);
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r14v0 */
    /* JADX WARN: Type inference failed for: r14v1, types: [boolean, int] */
    /* JADX WARN: Type inference failed for: r14v2 */
    /* JADX WARN: Type inference failed for: r14v3 */
    /* JADX WARN: Type inference failed for: r14v7 */
    void a(X500Principal x500Principal, ForwardState forwardState, ForwardBuilder forwardBuilder, List list, LinkedList linkedList) throws GeneralSecurityException, IOException {
        boolean z;
        Iterator it;
        BasicChecker basicChecker;
        int i;
        Set<String> supportedExtensions;
        ArrayList arrayList;
        Iterator it2;
        int i2 = 0;
        ?? r14 = 1;
        JCPLogger.finerFormat("SunCertPathBuilder.depthFirstSearchForward({0}, {1})", x500Principal, forwardState);
        List a = a(forwardBuilder.a(forwardState, this.i), list);
        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): certs.size=", Integer.valueOf(a.size()));
        Iterator it3 = a.iterator();
        while (it3.hasNext()) {
            Vertex vertex = (Vertex) it3.next();
            ForwardState forwardState2 = (ForwardState) forwardState.clone();
            X509Certificate x509Certificate = (X509Certificate) vertex.getCertificate();
            try {
                forwardBuilder.a(x509Certificate, forwardState2, linkedList);
            } catch (GeneralSecurityException e) {
                z = r14;
                it = it3;
                JCPLogger.ignoredException(e);
                vertex.a(e);
            }
            if (forwardBuilder.a(x509Certificate)) {
                JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): commencing final verification");
                ArrayList arrayList2 = new ArrayList(linkedList);
                if (forwardBuilder.f.getTrustedCert() == null) {
                    arrayList2.add(i2, x509Certificate);
                }
                HashSet hashSet = new HashSet((int) r14);
                hashSet.add("2.5.29.32.0");
                PolicyChecker policyChecker = new PolicyChecker(this.a.getInitialPolicies(), arrayList2.size(), this.a.isExplicitPolicyRequired(), this.a.isPolicyMappingInhibited(), this.a.isAnyPolicyInhibited(), this.a.getPolicyQualifiersRejected(), new PolicyNodeImpl(null, "2.5.29.32.0", null, false, hashSet, false));
                ArrayList arrayList3 = new ArrayList(this.a.getCertPathCheckers());
                arrayList3.add(i2, policyChecker);
                arrayList3.add(r14, new AlgorithmChecker(forwardBuilder.f));
                if (forwardState2.keyParamsNeeded()) {
                    PublicKey publicKey = x509Certificate.getPublicKey();
                    if (forwardBuilder.f.getTrustedCert() == null) {
                        publicKey = forwardBuilder.f.getCAPublicKey();
                        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward using buildParams public key: ", publicKey);
                    }
                    TrustAnchor trustAnchor = new TrustAnchor(x509Certificate.getSubjectX500Principal(), publicKey, (byte[]) null);
                    BasicChecker basicChecker2 = new BasicChecker(trustAnchor, forwardBuilder.c, this.a.getSigProvider(), r14);
                    arrayList3.add(2, basicChecker2);
                    i = 3;
                    if (this.a.isRevocationEnabled()) {
                        basicChecker = basicChecker2;
                        arrayList3.add(3, new CrlRevocationChecker(trustAnchor, this.a, null, this.j));
                        i = 4;
                    } else {
                        basicChecker = basicChecker2;
                    }
                } else {
                    basicChecker = null;
                    i = 2;
                }
                int i3 = 0;
                while (i3 < arrayList2.size()) {
                    X509Certificate x509Certificate2 = (X509Certificate) arrayList2.get(i3);
                    JCPLogger.finer("current subject = ", x509Certificate2.getSubjectX500Principal());
                    Set<String> criticalExtensionOIDs = x509Certificate2.getCriticalExtensionOIDs();
                    if (criticalExtensionOIDs == null) {
                        criticalExtensionOIDs = Collections.emptySet();
                    }
                    int i4 = 0;
                    while (i4 < arrayList3.size()) {
                        PKIXCertPathChecker pKIXCertPathChecker = (PKIXCertPathChecker) arrayList3.get(i4);
                        if (i4 < i || !pKIXCertPathChecker.isForwardCheckingSupported()) {
                            if (i3 == 0) {
                                it2 = it3;
                                pKIXCertPathChecker.init(false);
                                if (i4 < i || !(pKIXCertPathChecker instanceof AlgorithmChecker)) {
                                    arrayList = arrayList2;
                                } else {
                                    arrayList = arrayList2;
                                    ((AlgorithmChecker) pKIXCertPathChecker).a(forwardBuilder.f);
                                }
                            } else {
                                arrayList = arrayList2;
                                it2 = it3;
                            }
                            try {
                                pKIXCertPathChecker.check(x509Certificate2, criticalExtensionOIDs);
                            } catch (CertPathValidatorException e2) {
                                JCPLogger.subThrown("SunCertPathBuilder.depthFirstSearchForward(): final verification failed: ", e2);
                                vertex.a(e2);
                                it3 = it2;
                                i2 = 0;
                                r14 = 1;
                            }
                        } else {
                            arrayList = arrayList2;
                            it2 = it3;
                        }
                        i4++;
                        it3 = it2;
                        arrayList2 = arrayList;
                    }
                    ArrayList arrayList4 = arrayList2;
                    Iterator it4 = it3;
                    for (PKIXCertPathChecker pKIXCertPathChecker2 : this.a.getCertPathCheckers()) {
                        if (pKIXCertPathChecker2.isForwardCheckingSupported() && (supportedExtensions = pKIXCertPathChecker2.getSupportedExtensions()) != null) {
                            criticalExtensionOIDs.removeAll(supportedExtensions);
                        }
                    }
                    if (!criticalExtensionOIDs.isEmpty()) {
                        criticalExtensionOIDs.remove(PKIXExtensions.BasicConstraints_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.NameConstraints_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.CertificatePolicies_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.PolicyMappings_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.PolicyConstraints_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.InhibitAnyPolicy_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.SubjectAlternativeName_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.KeyUsage_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.ExtendedKeyUsage_Id.toString());
                        if (!criticalExtensionOIDs.isEmpty()) {
                            String str = "Unrecognized critical extension(s): " + criticalExtensionOIDs;
                            JCPLogger.fine(str);
                            if (!cl_9.a()) {
                                throw new CertPathValidatorException(str);
                            }
                            throw new CertPathValidatorException(str, null, null, -1, PKIXReason.UNRECOGNIZED_CRIT_EXT);
                        }
                    }
                    i3++;
                    it3 = it4;
                    arrayList2 = arrayList4;
                }
                JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): final verification succeeded - path completed!");
                this.c = true;
                if (forwardBuilder.f.getTrustedCert() == null) {
                    forwardBuilder.a(x509Certificate, linkedList);
                }
                this.f = forwardBuilder.f;
                this.g = basicChecker != null ? basicChecker.a() : (linkedList.size() == 0 ? forwardBuilder.f.getTrustedCert() : (Certificate) linkedList.get(linkedList.size() - 1)).getPublicKey();
                this.e = policyChecker.a();
                return;
            }
            it = it3;
            forwardBuilder.a(x509Certificate, linkedList);
            forwardState2.updateState(x509Certificate);
            list.add(new LinkedList());
            z = true;
            vertex.a(list.size() - 1);
            a(new X500Principal(x509Certificate.getIssuerX500Principal().getEncoded()), forwardState2, forwardBuilder, list, linkedList);
            if (this.c) {
                return;
            }
            JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): backtracking");
            forwardBuilder.a(linkedList);
            it3 = it;
            r14 = z;
            i2 = 0;
        }
    }

    void a(X500Principal x500Principal, ReverseState reverseState, ReverseBuilder reverseBuilder, List list, LinkedList linkedList) throws GeneralSecurityException, IOException {
        JCPLogger.finerFormat("SunCertPathBuilder.depthFirstSearchReverse({0}, {1})", x500Principal, reverseState);
        List<Vertex> a = a(reverseBuilder.a((State) reverseState, this.i), list);
        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse(): certs.size=", Integer.valueOf(a.size()));
        for (Vertex vertex : a) {
            ReverseState reverseState2 = (ReverseState) reverseState.clone();
            X509Certificate x509Certificate = (X509Certificate) vertex.getCertificate();
            try {
                reverseBuilder.a(x509Certificate, reverseState2, linkedList);
                if (!reverseState.isInitial()) {
                    reverseBuilder.a(x509Certificate, linkedList);
                }
                this.f = reverseState.n;
            } catch (GeneralSecurityException e) {
                JCPLogger.fine("SunCertPathBuilder.depthFirstSearchReverse(): validation failed: ", (Throwable) e);
                vertex.a(e);
            }
            if (reverseBuilder.a(x509Certificate)) {
                JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse(): path completed!");
                this.c = true;
                PolicyNodeImpl policyNodeImpl = reverseState2.i;
                if (policyNodeImpl == null) {
                    this.e = null;
                } else {
                    PolicyNodeImpl b = policyNodeImpl.b();
                    this.e = b;
                    b.a();
                }
                PublicKey publicKey = x509Certificate.getPublicKey();
                this.g = publicKey;
                if ((publicKey instanceof DSAPublicKey) && ((DSAPublicKey) publicKey).getParams() == null) {
                    this.g = BasicChecker.a(this.g, reverseState.b);
                    return;
                }
                return;
            }
            reverseState2.updateState(x509Certificate);
            list.add(new LinkedList());
            vertex.a(list.size() - 1);
            a(new X500Principal(x509Certificate.getSubjectX500Principal().getEncoded()), reverseState2, reverseBuilder, list, linkedList);
            if (this.c) {
                return;
            }
            JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse(): backtracking");
            if (!reverseState.isInitial()) {
                reverseBuilder.a(linkedList);
            }
        }
        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse() all certs in this adjacency list checked");
    }

    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        X509Certificate certificate;
        if (!(certPathParameters instanceof PKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("inappropriate parameter type, must be an instance of PKIXBuilderParameters");
        }
        PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) certPathParameters;
        this.a = pKIXBuilderParameters;
        Iterator<TrustAnchor> it = pKIXBuilderParameters.getTrustAnchors().iterator();
        while (it.hasNext()) {
            if (it.next().getNameConstraints() != null) {
                throw new InvalidAlgorithmParameterException("name constraints in trust anchor not supported");
            }
        }
        CertSelector targetCertConstraints = this.a.getTargetCertConstraints();
        if (!(targetCertConstraints instanceof java.security.cert.X509CertSelector)) {
            throw new InvalidAlgorithmParameterException("the targetCertConstraints parameter must be an X509CertSelector");
        }
        try {
            X509CertSelector x509CertSelector = new X509CertSelector((java.security.cert.X509CertSelector) targetCertConstraints);
            this.h = x509CertSelector;
            if (x509CertSelector.getSubject() != null) {
                this.d = new X500Principal(this.h.getSubject().getEncoded());
            }
            if (this.d == null && (certificate = this.h.getCertificate()) != null && certificate.getSubjectX500Principal() != null) {
                this.d = new X500Principal(certificate.getSubjectX500Principal().getEncoded());
            }
            ArrayList arrayList = new ArrayList(this.a.getCertStores());
            this.i = arrayList;
            Collections.sort(arrayList, new CertStoreComparator());
            if (this.d == null) {
                this.d = a(this.i, this.h);
            }
            if (this.d == null) {
                throw new InvalidAlgorithmParameterException("Could not determine unique target subject");
            }
            ArrayList arrayList2 = new ArrayList();
            CertPathBuilderResult a = a(true, false, (List) arrayList2);
            if (a == null) {
                JCPLogger.finer("SunCertPathBuilder.engineBuild: 2nd pass");
                arrayList2.clear();
                a = a(true, true, (List) arrayList2);
                if (a == null) {
                    throw new JCPCertPathBuilderException("unable to find valid certification path to requested target", new AdjacencyList(arrayList2));
                }
            }
            return a;
        } catch (IOException e) {
            throw new InvalidAlgorithmParameterException("inappropriate selector parameters", e);
        }
    }
}
