package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes6.dex */
public class n0 extends CertPathBuilderSpi {
    private final Collection a(CertSelector certSelector, List list) throws CertStoreException {
        HashSet hashSet = new HashSet();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            hashSet.addAll(((CertStore) it.next()).getCertificates(certSelector));
        }
        return hashSet;
    }

    private final X509Certificate b(X509Certificate x509Certificate, List list) throws CertPathValidatorException {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            try {
                Iterator it = a(x509CertSelector, list).iterator();
                X509Certificate x509Certificate2 = null;
                Exception exc = null;
                while (it.hasNext() && x509Certificate2 == null) {
                    x509Certificate2 = (X509Certificate) it.next();
                    try {
                        x509Certificate.verify(x509Certificate2.getPublicKey());
                    } catch (Exception e6) {
                        exc = e6;
                        x509Certificate2 = null;
                    }
                }
                if (x509Certificate2 == null && exc == null) {
                    throw new CertPathValidatorException("Issuer not found", null, null, -1);
                }
                if (x509Certificate2 != null || exc == null) {
                    return x509Certificate2;
                }
                throw new CertPathValidatorException("issuer found but certificate validation failed", exc, null, -1);
            } catch (CertStoreException e7) {
                throw new CertPathValidatorException(e7);
            }
        } catch (IOException unused) {
            throw new CertPathValidatorException("Issuer not found", null, null, -1);
        }
    }

    final TrustAnchor c(X509Certificate x509Certificate, Set set) throws CertPathBuilderException {
        Iterator it = set.iterator();
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            TrustAnchor trustAnchor = null;
            Exception e6 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (x509Certificate.getIssuerX500Principal().equals(new X500Principal(trustAnchor.getCAName()))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        x509Certificate.verify(publicKey);
                    } catch (Exception e7) {
                        e6 = e7;
                        trustAnchor = null;
                    }
                }
            }
            if (trustAnchor != null || e6 == null) {
                return trustAnchor;
            }
            throw new CertPathBuilderException("TrustAnchor found put certificate validation failed", e6);
        } catch (IOException unused2) {
            throw new CertPathBuilderException("can't get trust anchor principal", null);
        }
    }

    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        X509Certificate b6;
        if (!(certPathParameters instanceof PKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("params must be a PKIXBuilderParameters instance");
        }
        PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) certPathParameters;
        ArrayList arrayList = new ArrayList();
        CertSelector targetCertConstraints = pKIXBuilderParameters.getTargetCertConstraints();
        if (targetCertConstraints == null) {
            throw new CertPathBuilderException("targetCertConstraints must be non-null for CertPath building");
        }
        try {
            Collection<X509Certificate> a6 = a(targetCertConstraints, pKIXBuilderParameters.getCertStores());
            if (a6.isEmpty()) {
                throw new CertPathBuilderException("no certificate found matching targetCertContraints");
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
                CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", "BC");
                CertPath certPath = null;
                Throwable e6 = null;
                for (X509Certificate x509Certificate : a6) {
                    arrayList.clear();
                    while (x509Certificate != null) {
                        arrayList.add(x509Certificate);
                        if (c(x509Certificate, pKIXBuilderParameters.getTrustAnchors()) != null) {
                            try {
                                certPath = certificateFactory.generateCertPath(arrayList);
                                PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, pKIXBuilderParameters);
                                return new PKIXCertPathBuilderResult(certPath, pKIXCertPathValidatorResult.getTrustAnchor(), pKIXCertPathValidatorResult.getPolicyTree(), pKIXCertPathValidatorResult.getPublicKey());
                            } catch (CertificateException e7) {
                                e6 = e7;
                            }
                        } else {
                            try {
                                b6 = b(x509Certificate, pKIXBuilderParameters.getCertStores());
                            } catch (CertPathValidatorException e8) {
                                e6 = e8;
                            }
                            x509Certificate = b6.equals(x509Certificate) ? null : b6;
                        }
                        e6 = e8;
                    }
                }
                if (certPath != null) {
                    throw new CertPathBuilderException("found certificate chain, but could not be validated", e6);
                }
                throw new CertPathBuilderException("unable to find certificate chain");
            } catch (Exception e9) {
                throw new CertPathBuilderException("exception creating support classes: " + e9);
            }
        } catch (CertStoreException e10) {
            throw new CertPathBuilderException(e10);
        }
    }
}
