package ru.CryptoPro.reprov.certpath;

import java.io.IOException;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import ru.CryptoPro.AdES.evidence.crl.rfc3280.RFC3280CRLUtility;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.cl_9;
import ru.CryptoPro.reprov.x509.PKIXExtensions;
import ru.CryptoPro.reprov.x509.X500Principal;

/* loaded from: classes3.dex */
public final class SunCertPathBuilder extends CertPathBuilderSpi {

    /* renamed from: a, reason: collision with root package name */
    private PKIXBuilderParameters f18533a;

    /* renamed from: b, reason: collision with root package name */
    private CertificateFactory f18534b;

    /* renamed from: c, reason: collision with root package name */
    private boolean f18535c = false;

    /* renamed from: d, reason: collision with root package name */
    private X500Principal f18536d;

    /* renamed from: e, reason: collision with root package name */
    private PolicyNode f18537e;

    /* renamed from: f, reason: collision with root package name */
    private TrustAnchor f18538f;

    /* renamed from: g, reason: collision with root package name */
    private PublicKey f18539g;

    /* renamed from: h, reason: collision with root package name */
    private X509CertSelector f18540h;

    /* renamed from: i, reason: collision with root package name */
    private List f18541i;

    /* renamed from: j, reason: collision with root package name */
    private boolean f18542j;

    /* loaded from: classes3.dex */
    class CertStoreComparator implements Comparator {
        private CertStoreComparator() {
        }

        @Override // java.util.Comparator
        public int compare(CertStore certStore, CertStore certStore2) {
            return Builder.a(certStore) ? -1 : 1;
        }
    }

    public SunCertPathBuilder() {
        this.f18542j = false;
        try {
            this.f18534b = CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME);
            this.f18542j = ((Boolean) AccessController.doPrivileged(new GetBooleanSecurityPropertyAction("com.sun.security.onlyCheckRevocationOfEECert"))).booleanValue();
        } catch (CertificateException e10) {
            throw new CertPathBuilderException(e10);
        }
    }

    private CertPathBuilderResult a(boolean z10, boolean z11, List list) {
        this.f18535c = false;
        this.f18538f = null;
        this.f18539g = null;
        this.f18537e = null;
        LinkedList linkedList = new LinkedList();
        try {
            if (z10) {
                a(list, linkedList, z11);
            } else {
                a(list, linkedList);
            }
            try {
                if (!this.f18535c) {
                    return null;
                }
                JCPLogger.finer("SunCertPathBuilder.engineBuild() pathCompleted");
                Collections.reverse(linkedList);
                return new JCPCertPathBuilderResult(this.f18534b.generateCertPath(linkedList), this.f18538f, this.f18537e, this.f18539g, new AdjacencyList(list));
            } catch (Exception e10) {
                JCPLogger.fine("SunCertPathBuilder.engineBuild() exception in wrap-up", (Throwable) e10);
                throw new JCPCertPathBuilderException("unable to find valid certification path to requested target", e10, new AdjacencyList(list));
            }
        } catch (Exception e11) {
            JCPLogger.fine("SunCertPathBuilder.engineBuild() exception in build");
            throw new JCPCertPathBuilderException("unable to find valid certification path to requested target", e11, new AdjacencyList(list));
        }
    }

    private List a(Collection collection, List list) {
        List list2 = (List) list.get(list.size() - 1);
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            list2.add(new Vertex((X509Certificate) it.next()));
        }
        return list2;
    }

    private X500Principal a(List list, X509CertSelector x509CertSelector) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                Collection<? extends Certificate> certificates = ((CertStore) it.next()).getCertificates(x509CertSelector);
                if (certificates.isEmpty()) {
                    continue;
                } else {
                    X509Certificate x509Certificate = (X509Certificate) certificates.iterator().next();
                    if (x509Certificate.getSubjectX500Principal() != null) {
                        return new X500Principal(x509Certificate.getSubjectX500Principal().getEncoded());
                    }
                    continue;
                }
            } catch (CertStoreException e10) {
                JCPLogger.warning("SunCertPathBuilder.getTargetSubjectDN: non-fatal exception retrieving certs: ", (Throwable) e10);
            }
        }
        return null;
    }

    private void a(List list, LinkedList linkedList) {
        JCPLogger.finer("SunCertPathBuilder.buildReverse()...");
        JCPLogger.finer("SunCertPathBuilder.buildReverse() InitialPolicies: ", this.f18533a.getInitialPolicies());
        ReverseState reverseState = new ReverseState();
        list.clear();
        list.add(new LinkedList());
        Iterator<TrustAnchor> it = this.f18533a.getTrustAnchors().iterator();
        do {
            if (it.hasNext()) {
                TrustAnchor next = it.next();
                if (a(next, this.f18540h)) {
                    this.f18538f = next;
                    this.f18535c = true;
                    this.f18539g = next.getTrustedCert().getPublicKey();
                } else {
                    reverseState.initState(this.f18533a.getMaxPathLength(), this.f18533a.isExplicitPolicyRequired(), this.f18533a.isPolicyMappingInhibited(), this.f18533a.isAnyPolicyInhibited(), this.f18533a.getCertPathCheckers());
                    reverseState.updateState(next);
                    reverseState.crlChecker = new CrlRevocationChecker(null, this.f18533a, null, this.f18542j);
                    reverseState.f18529l = new AlgorithmChecker(next);
                    reverseState.f18530m = new UntrustedChecker();
                    try {
                        a((X500Principal) null, reverseState, new ReverseBuilder(this.f18533a, this.f18536d), list, linkedList);
                    } catch (Exception e10) {
                    }
                }
            }
            JCPLogger.finer("SunCertPathBuilder.buildReverse() returned from depthFirstSearchReverse()");
            JCPLogger.finer("SunCertPathBuilder.buildReverse() certPathList.size: ", Integer.valueOf(linkedList.size()));
            return;
        } while (it.hasNext());
        throw e10;
    }

    private void a(List list, LinkedList linkedList, boolean z10) {
        JCPLogger.finer("SunCertPathBuilder.buildForward()...");
        ForwardState forwardState = new ForwardState();
        forwardState.initState(this.f18533a.getCertPathCheckers());
        list.clear();
        list.add(new LinkedList());
        forwardState.crlChecker = new CrlRevocationChecker(null, this.f18533a, null, this.f18542j);
        forwardState.f18458e = new UntrustedChecker();
        a(this.f18536d, forwardState, new ForwardBuilder(this.f18533a, this.f18536d, z10, this.f18542j), list, linkedList);
    }

    private boolean a(TrustAnchor trustAnchor, X509CertSelector x509CertSelector) {
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        if (trustedCert != null) {
            return x509CertSelector.match(trustedCert);
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r14v0 */
    /* JADX WARN: Type inference failed for: r14v1, types: [int, boolean] */
    /* JADX WARN: Type inference failed for: r14v2 */
    /* JADX WARN: Type inference failed for: r14v3 */
    /* JADX WARN: Type inference failed for: r14v8 */
    void a(X500Principal x500Principal, ForwardState forwardState, ForwardBuilder forwardBuilder, List list, LinkedList linkedList) {
        boolean z10;
        Iterator it;
        int i10;
        Set<String> supportedExtensions;
        List list2;
        Iterator it2;
        BasicChecker basicChecker;
        int i11 = 0;
        ?? r14 = 1;
        JCPLogger.finerFormat("SunCertPathBuilder.depthFirstSearchForward({0}, {1})", x500Principal, forwardState);
        List a10 = a(forwardBuilder.a(forwardState, this.f18541i), list);
        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): certs.size=", Integer.valueOf(a10.size()));
        Iterator it3 = a10.iterator();
        while (it3.hasNext()) {
            Vertex vertex = (Vertex) it3.next();
            ForwardState forwardState2 = (ForwardState) forwardState.clone();
            X509Certificate x509Certificate = (X509Certificate) vertex.getCertificate();
            try {
                forwardBuilder.a(x509Certificate, forwardState2, linkedList);
            } catch (GeneralSecurityException e10) {
                z10 = r14;
                it = it3;
                JCPLogger.ignoredException(e10);
                vertex.a(e10);
            }
            if (forwardBuilder.a(x509Certificate)) {
                JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): commencing final verification");
                ArrayList arrayList = new ArrayList(linkedList);
                if (forwardBuilder.f18443f.getTrustedCert() == null) {
                    arrayList.add(i11, x509Certificate);
                }
                HashSet hashSet = new HashSet((int) r14);
                hashSet.add(RFC3280CRLUtility.ANY_POLICY);
                PolicyChecker policyChecker = new PolicyChecker(this.f18533a.getInitialPolicies(), arrayList.size(), this.f18533a.isExplicitPolicyRequired(), this.f18533a.isPolicyMappingInhibited(), this.f18533a.isAnyPolicyInhibited(), this.f18533a.getPolicyQualifiersRejected(), new PolicyNodeImpl(null, RFC3280CRLUtility.ANY_POLICY, null, false, hashSet, false));
                ArrayList arrayList2 = new ArrayList(this.f18533a.getCertPathCheckers());
                arrayList2.add(i11, policyChecker);
                arrayList2.add(r14, new AlgorithmChecker(forwardBuilder.f18443f));
                BasicChecker basicChecker2 = null;
                if (forwardState2.keyParamsNeeded()) {
                    PublicKey publicKey = x509Certificate.getPublicKey();
                    if (forwardBuilder.f18443f.getTrustedCert() == null) {
                        publicKey = forwardBuilder.f18443f.getCAPublicKey();
                        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward using buildParams public key: ", publicKey);
                    }
                    TrustAnchor trustAnchor = new TrustAnchor(x509Certificate.getSubjectX500Principal(), publicKey, (byte[]) null);
                    BasicChecker basicChecker3 = new BasicChecker(trustAnchor, forwardBuilder.f18404c, this.f18533a.getSigProvider(), r14);
                    arrayList2.add(2, basicChecker3);
                    i10 = 3;
                    if (this.f18533a.isRevocationEnabled()) {
                        basicChecker = basicChecker3;
                        arrayList2.add(3, new CrlRevocationChecker(trustAnchor, this.f18533a, null, this.f18542j));
                        i10 = 4;
                    } else {
                        basicChecker = basicChecker3;
                    }
                    basicChecker2 = basicChecker;
                } else {
                    i10 = 2;
                }
                int i12 = 0;
                List list3 = arrayList2;
                while (i12 < arrayList.size()) {
                    X509Certificate x509Certificate2 = (X509Certificate) arrayList.get(i12);
                    JCPLogger.finer("current subject = ", x509Certificate2.getSubjectX500Principal());
                    Set<String> criticalExtensionOIDs = x509Certificate2.getCriticalExtensionOIDs();
                    if (criticalExtensionOIDs == null) {
                        criticalExtensionOIDs = Collections.emptySet();
                    }
                    ArrayList arrayList3 = arrayList;
                    int i13 = 0;
                    List list4 = list3;
                    while (i13 < list4.size()) {
                        PKIXCertPathChecker pKIXCertPathChecker = (PKIXCertPathChecker) list4.get(i13);
                        if (i13 < i10 || !pKIXCertPathChecker.isForwardCheckingSupported()) {
                            if (i12 == 0) {
                                it2 = it3;
                                pKIXCertPathChecker.init(false);
                                if (i13 < i10 || !(pKIXCertPathChecker instanceof AlgorithmChecker)) {
                                    list2 = list4;
                                } else {
                                    list2 = list4;
                                    ((AlgorithmChecker) pKIXCertPathChecker).a(forwardBuilder.f18443f);
                                }
                            } else {
                                list2 = list4;
                                it2 = it3;
                            }
                            try {
                                pKIXCertPathChecker.check(x509Certificate2, criticalExtensionOIDs);
                            } catch (CertPathValidatorException e11) {
                                JCPLogger.subThrown("SunCertPathBuilder.depthFirstSearchForward(): final verification failed: ", e11);
                                vertex.a(e11);
                                it3 = it2;
                                i11 = 0;
                                r14 = 1;
                            }
                        } else {
                            list2 = list4;
                            it2 = it3;
                        }
                        i13++;
                        it3 = it2;
                        list4 = list2;
                    }
                    List list5 = list4;
                    Iterator it4 = it3;
                    for (PKIXCertPathChecker pKIXCertPathChecker2 : this.f18533a.getCertPathCheckers()) {
                        if (pKIXCertPathChecker2.isForwardCheckingSupported() && (supportedExtensions = pKIXCertPathChecker2.getSupportedExtensions()) != null) {
                            criticalExtensionOIDs.removeAll(supportedExtensions);
                        }
                    }
                    if (!criticalExtensionOIDs.isEmpty()) {
                        criticalExtensionOIDs.remove(PKIXExtensions.BasicConstraints_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.NameConstraints_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.CertificatePolicies_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.PolicyMappings_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.PolicyConstraints_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.InhibitAnyPolicy_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.SubjectAlternativeName_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.KeyUsage_Id.toString());
                        criticalExtensionOIDs.remove(PKIXExtensions.ExtendedKeyUsage_Id.toString());
                        if (!criticalExtensionOIDs.isEmpty()) {
                            String str = "Unrecognized critical extension(s): " + criticalExtensionOIDs;
                            JCPLogger.fine(str);
                            if (!cl_9.a()) {
                                throw new CertPathValidatorException(str);
                            }
                            throw new CertPathValidatorException(str, null, null, -1, PKIXReason.UNRECOGNIZED_CRIT_EXT);
                        }
                    }
                    i12++;
                    arrayList = arrayList3;
                    it3 = it4;
                    list3 = list5;
                }
                JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): final verification succeeded - path completed!");
                this.f18535c = true;
                if (forwardBuilder.f18443f.getTrustedCert() == null) {
                    forwardBuilder.a(x509Certificate, linkedList);
                }
                this.f18538f = forwardBuilder.f18443f;
                this.f18539g = basicChecker2 != null ? basicChecker2.a() : (linkedList.size() == 0 ? forwardBuilder.f18443f.getTrustedCert() : (Certificate) linkedList.get(linkedList.size() - 1)).getPublicKey();
                this.f18537e = policyChecker.a();
                return;
            }
            it = it3;
            forwardBuilder.a(x509Certificate, linkedList);
            forwardState2.updateState(x509Certificate);
            list.add(new LinkedList());
            z10 = true;
            vertex.a(list.size() - 1);
            a(new X500Principal(x509Certificate.getIssuerX500Principal().getEncoded()), forwardState2, forwardBuilder, list, linkedList);
            if (this.f18535c) {
                return;
            }
            JCPLogger.finer("SunCertPathBuilder.depthFirstSearchForward(): backtracking");
            forwardBuilder.a(linkedList);
            r14 = z10;
            it3 = it;
            i11 = 0;
        }
    }

    void a(X500Principal x500Principal, ReverseState reverseState, ReverseBuilder reverseBuilder, List list, LinkedList linkedList) {
        JCPLogger.finerFormat("SunCertPathBuilder.depthFirstSearchReverse({0}, {1})", x500Principal, reverseState);
        List<Vertex> a10 = a(reverseBuilder.a((State) reverseState, this.f18541i), list);
        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse(): certs.size=", Integer.valueOf(a10.size()));
        for (Vertex vertex : a10) {
            ReverseState reverseState2 = (ReverseState) reverseState.clone();
            X509Certificate x509Certificate = (X509Certificate) vertex.getCertificate();
            try {
                reverseBuilder.a(x509Certificate, reverseState2, linkedList);
                if (!reverseState.isInitial()) {
                    reverseBuilder.a(x509Certificate, linkedList);
                }
                this.f18538f = reverseState.f18531n;
            } catch (GeneralSecurityException e10) {
                JCPLogger.fine("SunCertPathBuilder.depthFirstSearchReverse(): validation failed: ", (Throwable) e10);
                vertex.a(e10);
            }
            if (reverseBuilder.a(x509Certificate)) {
                JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse(): path completed!");
                this.f18535c = true;
                PolicyNodeImpl policyNodeImpl = reverseState2.f18526i;
                if (policyNodeImpl == null) {
                    this.f18537e = null;
                } else {
                    PolicyNodeImpl b10 = policyNodeImpl.b();
                    this.f18537e = b10;
                    b10.a();
                }
                PublicKey publicKey = x509Certificate.getPublicKey();
                this.f18539g = publicKey;
                if ((publicKey instanceof DSAPublicKey) && ((DSAPublicKey) publicKey).getParams() == null) {
                    this.f18539g = BasicChecker.a(this.f18539g, reverseState.f18519b);
                    return;
                }
                return;
            }
            reverseState2.updateState(x509Certificate);
            list.add(new LinkedList());
            vertex.a(list.size() - 1);
            a(new X500Principal(x509Certificate.getSubjectX500Principal().getEncoded()), reverseState2, reverseBuilder, list, linkedList);
            if (this.f18535c) {
                return;
            }
            JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse(): backtracking");
            if (!reverseState.isInitial()) {
                reverseBuilder.a(linkedList);
            }
        }
        JCPLogger.finer("SunCertPathBuilder.depthFirstSearchReverse() all certs in this adjacency list checked");
    }

    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) {
        X509Certificate certificate;
        if (!(certPathParameters instanceof PKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("inappropriate parameter type, must be an instance of PKIXBuilderParameters");
        }
        PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) certPathParameters;
        this.f18533a = pKIXBuilderParameters;
        Iterator<TrustAnchor> it = pKIXBuilderParameters.getTrustAnchors().iterator();
        while (it.hasNext()) {
            if (it.next().getNameConstraints() != null) {
                throw new InvalidAlgorithmParameterException("name constraints in trust anchor not supported");
            }
        }
        CertSelector targetCertConstraints = this.f18533a.getTargetCertConstraints();
        if (!(targetCertConstraints instanceof java.security.cert.X509CertSelector)) {
            throw new InvalidAlgorithmParameterException("the targetCertConstraints parameter must be an X509CertSelector");
        }
        try {
            X509CertSelector x509CertSelector = new X509CertSelector((java.security.cert.X509CertSelector) targetCertConstraints);
            this.f18540h = x509CertSelector;
            if (x509CertSelector.getSubject() != null) {
                this.f18536d = new X500Principal(this.f18540h.getSubject().getEncoded());
            }
            if (this.f18536d == null && (certificate = this.f18540h.getCertificate()) != null && certificate.getSubjectX500Principal() != null) {
                this.f18536d = new X500Principal(certificate.getSubjectX500Principal().getEncoded());
            }
            ArrayList arrayList = new ArrayList(this.f18533a.getCertStores());
            this.f18541i = arrayList;
            Collections.sort(arrayList, new CertStoreComparator());
            if (this.f18536d == null) {
                this.f18536d = a(this.f18541i, this.f18540h);
            }
            if (this.f18536d == null) {
                throw new InvalidAlgorithmParameterException("Could not determine unique target subject");
            }
            ArrayList arrayList2 = new ArrayList();
            CertPathBuilderResult a10 = a(true, false, (List) arrayList2);
            if (a10 == null) {
                JCPLogger.finer("SunCertPathBuilder.engineBuild: 2nd pass");
                arrayList2.clear();
                a10 = a(true, true, (List) arrayList2);
                if (a10 == null) {
                    throw new JCPCertPathBuilderException("unable to find valid certification path to requested target", new AdjacencyList(arrayList2));
                }
            }
            return a10;
        } catch (IOException e10) {
            throw new InvalidAlgorithmParameterException("inappropriate selector parameters", e10);
        }
    }
}
