package ru.CryptoPro.reprov.certpath;

import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Set;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.cl_9;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X500Principal;
import ru.CryptoPro.reprov.x509.X509CertImpl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
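/**
 * Certification-path checker that performs the basic per-certificate checks:
 * validity period at a given date, subject/issuer name chaining, and signature
 * verification against the previous certificate's public key (the trust anchor's
 * key for the first certificate).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the "signature only" flag is set, the validity-period and name-chaining
 *       checks are skipped entirely; only the signature is verified.</li>
 *   <li>Name chaining is also skipped when no previous subject name is known
 *       (for example a trust anchor that supplies neither a certificate subject
 *       nor a CA name), so a correct anchor name matters for the first link.</li>
 *   <li>The checker is stateful and not synchronized; use one instance per
 *       validation and call {@link #init(boolean)} before reusing it.</li>
 * </ul>
 *
 * <p>This source is decompiler output (JADX); field and method names are the
 * obfuscated/renamed ones and are kept so other decompiled classes still link.
 */
public class BasicChecker extends PKIXCertPathChecker {

    /** Trust anchor public key; the starting value of the "previous key" state. */
    private final PublicKey f18390a;

    /** Trust anchor name (certificate subject or CA name), or null when the anchor has none. */
    private final X500Principal f18391b;

    /** Date at which each certificate's validity period is checked. */
    private final Date f18392c;

    /** Provider name handed to {@code X509Certificate.verify(PublicKey, String)}. */
    private final String f18393d;

    /** When true, only the signature is checked (validity and name chaining are skipped). */
    private final boolean f18394e;

    /** Subject name of the previously checked certificate (initially the anchor name). */
    private X500Principal f18395f;

    /** Public key of the previously checked certificate (initially the anchor key). */
    private PublicKey f18396g;

    /**
     * Creates a checker rooted at the given trust anchor.
     *
     * <p>The decompiled original assigned the anchor name and then unconditionally
     * overwrote it with {@code null} (a double assignment of a final field, which does
     * not compile and, if "fixed" by dropping {@code final}, silently disables name
     * chaining against the anchor). The branches are restored here so the name is
     * null only when the anchor really has none.
     *
     * @param trustAnchor anchor supplying the initial public key and name
     * @param date        date used for the validity-period check
     * @param str         signature provider name passed to certificate verification
     * @param z10         true to verify signatures only
     */
    public BasicChecker(TrustAnchor trustAnchor, Date date, String str, boolean z10) {
        final X509Certificate anchorCert = trustAnchor.getTrustedCert();
        if (anchorCert != null) {
            this.f18390a = anchorCert.getPublicKey();
            this.f18391b = toProviderPrincipal(anchorCert.getSubjectX500Principal());
        } else {
            this.f18390a = trustAnchor.getCAPublicKey();
            this.f18391b = toProviderPrincipal(trustAnchor.getCA());
        }
        this.f18392c = date;
        this.f18393d = str;
        this.f18394e = z10;
        // Same effect as init(false), without calling an overridable method that
        // declares a checked exception from inside the constructor.
        resetState();
    }

    /** Re-encodes a JDK principal as the provider's own X500Principal; null stays null. */
    private static X500Principal toProviderPrincipal(javax.security.auth.x500.X500Principal principal) {
        return principal != null ? new X500Principal(principal.getEncoded()) : null;
    }

    /** Resets the "previous key" and "previous subject" state to the trust anchor values. */
    private void resetState() {
        this.f18396g = this.f18390a;
        this.f18395f = this.f18391b;
    }

    /**
     * Builds a DSA public key that combines the Y value of {@code publicKey} with the
     * domain parameters (P, Q, G) of {@code publicKey2}.
     *
     * @param publicKey  DSA key whose Y value is used
     * @param publicKey2 DSA key whose parameters are inherited
     * @return a DSA public key carrying the inherited parameters
     * @throws CertPathValidatorException if either key is not a DSA key, the second key
     *         has no parameters, or the key cannot be generated
     */
    public static PublicKey a(PublicKey publicKey, PublicKey publicKey2) throws CertPathValidatorException {
        if (!(publicKey instanceof DSAPublicKey) || !(publicKey2 instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("Input key is not appropriate type for inheriting parameters");
        }
        final DSAParams inherited = ((DSAPublicKey) publicKey2).getParams();
        if (inherited == null) {
            throw new CertPathValidatorException("Key parameters missing");
        }
        try {
            final DSAPublicKeySpec spec = new DSAPublicKeySpec(
                    ((DSAPublicKey) publicKey).getY(), inherited.getP(), inherited.getQ(), inherited.getG());
            return KeyFactory.getInstance("DSA").generatePublic(spec);
        } catch (GeneralSecurityException e10) {
            throw new CertPathValidatorException("Unable to generate key with inherited parameters: " + e10.getMessage(), e10);
        }
    }

    /**
     * Records the just-checked certificate's key and subject as the "previous" state
     * for the next certificate in the path.
     *
     * @throws CertPathValidatorException if DSA parameter inheritance is needed and fails
     */
    private void a(X509Certificate x509Certificate) throws CertPathValidatorException {
        PublicKey subjectKey = x509Certificate.getPublicKey();
        JCPLogger.finerFormat("BasicChecker.updateState issuer: {0}; subject: {1}; serial#: {2}", x509Certificate.getIssuerX500Principal(), x509Certificate.getSubjectX500Principal(), x509Certificate.getSerialNumber());
        // A DSA key published without parameters inherits them from the previous key.
        if ((subjectKey instanceof DSAPublicKey) && ((DSAPublicKey) subjectKey).getParams() == null) {
            subjectKey = a(subjectKey, this.f18396g);
            JCPLogger.finer("BasicChecker.updateState Made key with inherited params");
        }
        this.f18396g = subjectKey;
        // NOTE(review): when the subject is null the previous subject is kept as-is,
        // so the next certificate is chained against the older name - confirm intended.
        final javax.security.auth.x500.X500Principal subject = x509Certificate.getSubjectX500Principal();
        if (subject != null) {
            this.f18395f = toProviderPrincipal(subject);
        }
    }

    /**
     * Verifies the certificate's signature with the given key and provider.
     * Every failure, not only {@link SignatureException}, is reported as a
     * validation failure, so the check fails closed.
     *
     * @throws CertPathValidatorException if verification fails for any reason
     */
    private void a(X509Certificate x509Certificate, PublicKey publicKey, String str) throws CertPathValidatorException {
        JCPLogger.finerFormat("---checking {0}...", X509CertImpl.SIGNATURE);
        try {
            x509Certificate.verify(publicKey, str);
            JCPLogger.finerFormat("{0} verified.", X509CertImpl.SIGNATURE);
        } catch (SignatureException e10) {
            // NOTE(review): cl_9.a() is an opaque provider flag that selects whether the
            // reason-carrying exception constructor is used - confirm what it tests.
            if (cl_9.a()) {
                throw new CertPathValidatorException(X509CertImpl.SIGNATURE + " check failed", e10, null, -1, CertPathValidatorException.BasicReason.INVALID_SIGNATURE);
            }
            throw new CertPathValidatorException(X509CertImpl.SIGNATURE + " check failed", e10);
        } catch (Exception e11) {
            throw new CertPathValidatorException(X509CertImpl.SIGNATURE + " check failed", e11);
        }
    }

    /**
     * Checks that the certificate is within its validity period at {@code date}.
     *
     * @throws CertPathValidatorException if the certificate is expired or not yet valid
     */
    private void a(X509Certificate x509Certificate, Date date) throws CertPathValidatorException {
        JCPLogger.finerFormat("---checking {0}: {1}...", "timestamp", date);
        try {
            x509Certificate.checkValidity(date);
            JCPLogger.finerFormat("{0} verified.", "timestamp");
        } catch (CertificateExpiredException e10) {
            if (cl_9.a()) {
                throw new CertPathValidatorException("timestamp check failed", e10, null, -1, CertPathValidatorException.BasicReason.EXPIRED);
            }
            throw new CertPathValidatorException("timestamp check failed", e10);
        } catch (CertificateNotYetValidException e11) {
            if (cl_9.a()) {
                throw new CertPathValidatorException("timestamp check failed", e11, null, -1, CertPathValidatorException.BasicReason.NOT_YET_VALID);
            }
            throw new CertPathValidatorException("timestamp check failed", e11);
        }
    }

    /**
     * Checks that the certificate's issuer name equals the previous subject name.
     * The check is skipped when no previous subject name is known.
     *
     * @throws CertPathValidatorException if the issuer is null/empty or does not match
     */
    private void a(X509Certificate x509Certificate, X500Principal x500Principal) throws CertPathValidatorException {
        if (x500Principal == null) {
            // No previous name to chain against; nothing is enforced in this case.
            return;
        }
        JCPLogger.finerFormat("---checking {0}...", "subject/issuer name chaining");
        final X500Principal issuer = toProviderPrincipal(x509Certificate.getIssuerX500Principal());
        // Explicit null guard: a null issuer is rejected with the same validation error as
        // an empty one instead of depending on how X500Name.asX500Name treats null.
        if (issuer == null || X500Name.asX500Name(issuer).isEmpty()) {
            if (cl_9.a()) {
                throw new CertPathValidatorException("subject/issuer name chaining check failed: empty/null issuer DN in certificate is invalid", null, null, -1, PKIXReason.NAME_CHAINING);
            }
            throw new CertPathValidatorException("subject/issuer name chaining check failed: empty/null issuer DN in certificate is invalid");
        }
        if (issuer.equals(x500Principal)) {
            JCPLogger.finerFormat("{0} verified.", "subject/issuer name chaining");
            return;
        }
        if (cl_9.a()) {
            throw new CertPathValidatorException("subject/issuer name chaining check failed", null, null, -1, PKIXReason.NAME_CHAINING);
        }
        throw new CertPathValidatorException("subject/issuer name chaining check failed");
    }

    /**
     * Returns the public key of the most recently checked certificate
     * (the trust anchor key if nothing has been checked since the last reset).
     */
    public PublicKey a() {
        return this.f18396g;
    }

    /**
     * Runs the basic checks on one certificate, then advances the checker state.
     * State is advanced only after the signature check has passed, because every
     * failed check throws before the update.
     *
     * @param certificate certificate to check; must be an {@link X509Certificate}
     * @param collection  unresolved critical extensions (not used by this checker)
     * @throws CertPathValidatorException if the certificate is not X.509 or any check fails
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        // Reject anything that is not X.509 with a validation error instead of a
        // ClassCastException (or a later NullPointerException for null input).
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("certificate is not an X509Certificate");
        }
        final X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!this.f18394e) {
            a(x509Certificate, this.f18392c);
            a(x509Certificate, this.f18395f);
        }
        a(x509Certificate, this.f18396g, this.f18393d);
        a(x509Certificate);
    }

    /**
     * Returns null: this checker declares no supported extensions.
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /**
     * Resets the checker to the trust anchor state.
     *
     * @param z10 must be false; forward checking is not supported
     * @throws CertPathValidatorException if forward checking is requested
     */
    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) throws CertPathValidatorException {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        resetState();
    }

    /** Forward checking is not supported by this checker. */
    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}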
