package sun.security.provider.certpath;

import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.provider.certpath.LDAPCertStore;
import sun.security.util.Debug;
import sun.security.x509.AccessDescription;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class ForwardBuilder extends Builder {
    private static final Debug debug = Debug.getInstance("certpath");
    private LDAPCertStore.LDAPCertSelector caSelector;
    private X509CertSelector caTargetSelector;
    private Comparator<X509Certificate> comparator;
    private Date date;
    private X509CertSelector eeSelector;
    private boolean searchAllCertStores;
    TrustAnchor trustAnchor;
    private final Set<TrustAnchor> trustAnchors;
    private final Set<X509Certificate> trustedCerts;
    private final Set<X500Principal> trustedSubjectDNs;

    /* loaded from: classes4.dex */
    /**
     * Ranks candidate certificates by how their issuer names relate to the subject names of
     * the configured trust anchors. {@code ForwardBuilder.getMatchingCerts} sorts its result
     * with this comparator.
     *
     * <p>The comparison only orders candidates: nothing in this class checks a signature,
     * a validity period or revocation status, so the ordering must not be read as a trust
     * decision. The control flow is decompiler output (see the JADX markers in this file);
     * the nesting of the loops below may differ from the original source.
     */
    static class PKIXCertComparator implements Comparator<X509Certificate> {
        static final String METHOD_NME = "ForwardBuilder.PKIXCertComparator.compare()";
        // Subject names of the trust anchors. This is the Set instance handed to the
        // constructor, not a copy, so later changes to that set are visible here.
        private final Set<X500Principal> trustedSubjectDNs;

        /**
         * Stores the given set of trusted subject names by reference.
         *
         * @param set subject names of the trust anchors; iterated on every comparison
         */
        PKIXCertComparator(Set<X500Principal> set) {
            this.trustedSubjectDNs = set;
        }

        /**
         * Compares two certificates by their issuer names, applying a sequence of tests and
         * returning at the first test that distinguishes them:
         * <ol>
         *   <li>issuer equals a trusted subject name;</li>
         *   <li>"naming descendant": {@code Builder.distance(trusted, issuer)} is positive;</li>
         *   <li>"naming ancestor": {@code Builder.distance(trusted, issuer)} is negative;</li>
         *   <li>"same namespace": both issuers share a common ancestor with a trusted name,
         *       ranked by {@code Builder.hops};</li>
         *   <li>distance between each certificate's own subject and issuer.</li>
         * </ol>
         *
         * <p>NOTE(review): {@code Builder.distance}, {@code Builder.hops} and
         * {@code X500Name.commonAncestor} are defined outside this listing; the meaning of
         * their results is taken from the debug messages below and should be confirmed.
         *
         * @param x509Certificate the first certificate ("o1" in the debug output)
         * @param x509Certificate2 the second certificate ("o2" in the debug output)
         * @return -1 if the first certificate sorts before the second, 1 if after, 0 if no
         *     test separates them
         */
        @Override // java.util.Comparator
        public int compare(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
            int i;
            int i2;
            int i3;
            int i4;
            int i5;
            int i6;
            int i7;
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            X500Principal issuerX500Principal2 = x509Certificate2.getIssuerX500Principal();
            X500Name asX500Name = X500Name.asX500Name(issuerX500Principal);
            X500Name asX500Name2 = X500Name.asX500Name(issuerX500Principal2);
            if (ForwardBuilder.debug != null) {
                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() o1 Issuer:  " + issuerX500Principal.toString());
                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() o2 Issuer:  " + issuerX500Principal2.toString());
            }
            if (ForwardBuilder.debug != null) {
                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() MATCH TRUSTED SUBJECT TEST...");
            }
            // Test 1: an issuer that equals a trusted subject name sorts first. The result is
            // decided by the first trusted name that matches either issuer.
            for (X500Principal x500Principal : this.trustedSubjectDNs) {
                boolean equals = issuerX500Principal.equals(x500Principal);
                boolean equals2 = issuerX500Principal2.equals(x500Principal);
                if (equals && equals2) {
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() m1 && m2; RETURN 0");
                    }
                    return 0;
                }
                if (equals) {
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() m1; RETURN -1");
                    }
                    return -1;
                }
                if (equals2) {
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() m2; RETURN 1");
                    }
                    return 1;
                }
            }
            if (ForwardBuilder.debug != null) {
                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() NAMING DESCENDANT TEST...");
            }
            // Test 2: for each trusted name, compute the distance to both issuers. The first
            // trusted name for which either distance is positive decides the result.
            Iterator<X500Principal> it = this.trustedSubjectDNs.iterator();
            while (it.hasNext()) {
                X500Name asX500Name3 = X500Name.asX500Name(it.next());
                try {
                    i6 = Builder.distance(asX500Name3, asX500Name);
                } catch (IOException unused) {
                    // A failed computation is mapped to -1, which fails the "> 0" test below.
                    i6 = -1;
                }
                try {
                    i7 = Builder.distance(asX500Name3, asX500Name2);
                } catch (IOException unused2) {
                    i7 = -1;
                }
                if (ForwardBuilder.debug != null) {
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1: " + i6);
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto2: " + i7);
                }
                if (i6 > 0 || i7 > 0) {
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 > 0 || distanceTto2 > 0...");
                    }
                    if (i6 == i7) {
                        if (ForwardBuilder.debug != null) {
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 == distanceTto2; RETURN 0");
                        }
                        return 0;
                    }
                    // Only one of the two distances is positive: that certificate sorts first.
                    if (i6 > 0 && i7 <= 0) {
                        if (ForwardBuilder.debug != null) {
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 > 0 && distanceTto2 <= 0); RETURN -1");
                        }
                        return -1;
                    }
                    if (i6 <= 0 && i7 > 0) {
                        if (ForwardBuilder.debug != null) {
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 <= 0 && distanceTto2 > 0; RETURN 1");
                        }
                        return 1;
                    }
                    // Both positive and different: the smaller distance sorts first.
                    if (i6 < i7) {
                        if (ForwardBuilder.debug != null) {
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 < distance Tto2; RETURN -1");
                        }
                        return -1;
                    }
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 >= distanceTto2; RETURN 1");
                    }
                    return 1;
                }
            }
            if (ForwardBuilder.debug != null) {
                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() NAMING ANCESTOR TEST...");
            }
            // Test 3: walk the trusted names again until one yields a negative distance to
            // either issuer. When the iterator runs out without such a name, tests 4 and 5 run
            // inside the "!it2.hasNext()" branch and the method returns from there.
            Iterator<X500Principal> it2 = this.trustedSubjectDNs.iterator();
            do {
                // Reset on every pass; this is the value i keeps when a distance call below
                // throws and its catch block is empty.
                i = Integer.MAX_VALUE;
                if (!it2.hasNext()) {
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() SAME NAMESPACE AS TRUSTED TEST...");
                    }
                    // Test 4: compare the issuers by common ancestor with each trusted name.
                    Iterator<X500Principal> it3 = this.trustedSubjectDNs.iterator();
                    while (it3.hasNext()) {
                        X500Name asX500Name4 = X500Name.asX500Name(it3.next());
                        X500Name commonAncestor = asX500Name4.commonAncestor(asX500Name);
                        X500Name commonAncestor2 = asX500Name4.commonAncestor(asX500Name2);
                        if (ForwardBuilder.debug != null) {
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() tAo1: " + String.valueOf(commonAncestor));
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() tAo2: " + String.valueOf(commonAncestor2));
                        }
                        if (commonAncestor != null || commonAncestor2 != null) {
                            if (ForwardBuilder.debug != null) {
                                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() tAo1 != null || tAo2 != null...");
                            }
                            // Exactly one issuer has a common ancestor: that one sorts first.
                            if (commonAncestor == null || commonAncestor2 == null) {
                                if (commonAncestor == null) {
                                    if (ForwardBuilder.debug != null) {
                                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() tA01 == null; RETURN 1");
                                    }
                                    return 1;
                                }
                                if (ForwardBuilder.debug != null) {
                                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() tA02 == null; RETURN -1");
                                }
                                return -1;
                            }
                            if (ForwardBuilder.debug != null) {
                                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() tAo1 != null && tAo2 != null...");
                            }
                            // Both share an ancestor: rank by hop count, fewer hops first. A
                            // failed hops() call is mapped to Integer.MAX_VALUE.
                            try {
                                i3 = Builder.hops(asX500Name4, asX500Name);
                            } catch (IOException e) {
                                if (ForwardBuilder.debug != null) {
                                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() exception in Builder.hops(tSubject, cIssuer1)");
                                    e.printStackTrace();
                                }
                                i3 = Integer.MAX_VALUE;
                            }
                            try {
                                i4 = Builder.hops(asX500Name4, asX500Name2);
                            } catch (IOException e2) {
                                if (ForwardBuilder.debug != null) {
                                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() exception in Builder.hops(tSubject, cIssuer2)");
                                    e2.printStackTrace();
                                }
                                i4 = Integer.MAX_VALUE;
                            }
                            if (ForwardBuilder.debug != null) {
                                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() hopsTto1: " + i3);
                                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() hopsTto2: " + i4);
                            }
                            if (i3 != i4) {
                                if (i3 > i4) {
                                    if (ForwardBuilder.debug != null) {
                                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() hopsTto1 > hopsTto2; RETURN 1");
                                    }
                                    return 1;
                                }
                                if (ForwardBuilder.debug != null) {
                                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() hopsTto1 < hopsTto2; RETURN -1");
                                }
                                return -1;
                            }
                            // Equal hop counts: fall through to the next trusted name.
                            if (ForwardBuilder.debug != null) {
                                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() hopsTto1 == hopsTto2; continue");
                            }
                        }
                    }
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() CERT ISSUER/SUBJECT COMPARISON TEST...");
                    }
                    // Test 5: last resort, compare each certificate's own subject-to-issuer
                    // distance; the smaller value sorts first.
                    X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                    X500Principal subjectX500Principal2 = x509Certificate2.getSubjectX500Principal();
                    X500Name asX500Name5 = X500Name.asX500Name(subjectX500Principal);
                    X500Name asX500Name6 = X500Name.asX500Name(subjectX500Principal2);
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() o1 Subject: " + subjectX500Principal.toString());
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() o2 Subject: " + subjectX500Principal2.toString());
                    }
                    try {
                        i2 = Builder.distance(asX500Name5, asX500Name);
                    } catch (IOException unused3) {
                        i2 = Integer.MAX_VALUE;
                    }
                    try {
                        i = Builder.distance(asX500Name6, asX500Name2);
                    } catch (IOException unused4) {
                        // Intentionally empty: i stays at the Integer.MAX_VALUE set at the top
                        // of this loop pass.
                    }
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceStoI1: " + i2);
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceStoI2: " + i);
                    }
                    if (i > i2) {
                        if (ForwardBuilder.debug != null) {
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceStoI2 > distanceStoI1; RETURN -1");
                        }
                        return -1;
                    }
                    if (i < i2) {
                        if (ForwardBuilder.debug != null) {
                            ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceStoI2 < distanceStoI1; RETURN 1");
                        }
                        return 1;
                    }
                    if (ForwardBuilder.debug != null) {
                        ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() no tests matched; RETURN 0");
                    }
                    return 0;
                }
                X500Name asX500Name7 = X500Name.asX500Name(it2.next());
                try {
                    i5 = Builder.distance(asX500Name7, asX500Name);
                } catch (IOException unused5) {
                    // Integer.MAX_VALUE is non-negative, so a failure never satisfies the
                    // "< 0" exit conditions of this loop.
                    i5 = Integer.MAX_VALUE;
                }
                try {
                    i = Builder.distance(asX500Name7, asX500Name2);
                } catch (IOException unused6) {
                    // Intentionally empty: i stays at Integer.MAX_VALUE (see loop top).
                }
                if (ForwardBuilder.debug != null) {
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1: " + i5);
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto2: " + i);
                }
                if (i5 < 0) {
                    break;
                }
            } while (i >= 0);
            // Reached only when i5 < 0 or i < 0 for the current trusted name (test 3 decides).
            if (ForwardBuilder.debug != null) {
                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 < 0 || distanceTto2 < 0...");
            }
            if (i5 == i) {
                if (ForwardBuilder.debug != null) {
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distance==; RETURN 0");
                }
                return 0;
            }
            // Only one distance is negative: that certificate sorts first.
            if (i5 < 0 && i >= 0) {
                if (ForwardBuilder.debug != null) {
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 < 0 && distanceTto2 >= 0; RETURN -1");
                }
                return -1;
            }
            if (i5 >= 0 && i < 0) {
                if (ForwardBuilder.debug != null) {
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 >= 0 && distanceTto2 < 0; RETURN 1");
                }
                return 1;
            }
            // Both negative and different: the larger value (closer to zero) sorts first.
            if (i5 > i) {
                if (ForwardBuilder.debug != null) {
                    ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 > distanceTto2; RETURN -1");
                }
                return -1;
            }
            if (ForwardBuilder.debug != null) {
                ForwardBuilder.debug.println("ForwardBuilder.PKIXCertComparator.compare() distanceTto1 <= distanceTto2; RETURN 1");
            }
            return 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a builder from the given PKIX build parameters.
     *
     * <p>The validity date comes from the parameters and falls back to the current time when
     * none is set. Every trust anchor contributes a name to {@code trustedSubjectDNs}: the
     * subject of its certificate when it has one, otherwise the CA name returned by
     * {@code CertPathHelper.getCA}. Anchors that carry a certificate are also collected in
     * {@code trustedCerts}.
     *
     * @param pKIXBuilderParameters source of the validation date and the trust anchors
     * @param x500Principal passed unchanged to the {@code Builder} constructor
     * @param z stored as {@code searchAllCertStores}; when {@code false} the lookup methods of
     *     this class return as soon as one source has produced a candidate
     */
    public ForwardBuilder(PKIXBuilderParameters pKIXBuilderParameters, X500Principal x500Principal, boolean z) {
        super(pKIXBuilderParameters, x500Principal);
        Date requestedDate = pKIXBuilderParameters.getDate();
        this.date = (requestedDate != null) ? requestedDate : new Date();
        this.trustAnchors = pKIXBuilderParameters.getTrustAnchors();
        int anchorCount = this.trustAnchors.size();
        this.trustedCerts = new HashSet<X509Certificate>(anchorCount);
        this.trustedSubjectDNs = new HashSet<X500Principal>(anchorCount);
        for (TrustAnchor anchor : this.trustAnchors) {
            X509Certificate anchorCert = anchor.getTrustedCert();
            if (anchorCert == null) {
                // Anchor given as name + key: only its CA name is known.
                this.trustedSubjectDNs.add(CertPathHelper.getCA(anchor));
                continue;
            }
            this.trustedCerts.add(anchorCert);
            this.trustedSubjectDNs.add(anchorCert.getSubjectX500Principal());
        }
        // The comparator shares this set instance; it does not copy it.
        this.comparator = new PKIXCertComparator(this.trustedSubjectDNs);
        this.searchAllCertStores = z;
    }

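    /**
     * Fetches candidate issuer certificates from the LDAP locations listed in an Authority
     * Information Access (AIA) extension.
     *
     * <p>Only {@code caIssuers} access descriptions whose location is a URI with the
     * {@code ldap} scheme are used. The URI is read from the certificate being processed and
     * is therefore untrusted input: an entry without a scheme or without a path is skipped
     * rather than allowed to raise an unchecked exception out of path building, and a failure
     * while querying a store is logged (when debugging is on) and otherwise ignored so that
     * the remaining entries are still tried. The lookup is a network fetch to a location the
     * certificate chooses; it only happens when {@code Builder.USE_AIA} is set.
     *
     * @param authorityInfoAccessExtension the AIA extension to read
     * @return the certificates found, possibly empty; always empty when
     *     {@code Builder.USE_AIA} is {@code false} or the extension lists no access
     *     descriptions
     */
    private Collection<X509Certificate> getCerts(AuthorityInfoAccessExtension authorityInfoAccessExtension) {
        if (debug != null) {
            debug.println("ForwardBuilder.getCerts: checking AIA ext");
        }
        if (!Builder.USE_AIA) {
            return Collections.emptyList();
        }
        List<AccessDescription> accessDescriptions = authorityInfoAccessExtension.getAccessDescriptions();
        if (accessDescriptions == null || accessDescriptions.isEmpty()) {
            return Collections.emptyList();
        }
        List<X509Certificate> found = new ArrayList<X509Certificate>();
        for (AccessDescription accessDescription : accessDescriptions) {
            if (!accessDescription.getAccessMethod().equals(AccessDescription.Ad_CAISSUERS_Id)) {
                continue;
            }
            GeneralNameInterface name = accessDescription.getAccessLocation().getName();
            if (!(name instanceof URIName)) {
                continue;
            }
            URI uri = ((URIName) name).getURI();
            // Constant-first comparison: URI.getScheme() is null for a relative URI.
            if (!"ldap".equals(uri.getScheme())) {
                continue;
            }
            String path = uri.getPath();
            if (debug != null) {
                debug.println("ForwardBuilder.getCerts: AIA ext URIName:");
                debug.println("authority: " + uri.getAuthority());
                debug.println("path: " + path);
            }
            // URI.getPath() is null for an opaque URI and empty when no path is given;
            // either would make charAt(0) throw, so skip the entry instead.
            if (path == null || path.isEmpty()) {
                if (debug != null) {
                    debug.println("ForwardBuilder.getCerts: AIA ext URIName has no path, skipping");
                }
                continue;
            }
            if (path.charAt(0) == '/') {
                path = path.substring(1);
            }
            try {
                CertStore lDAPCertStore = LDAPCertStore.getInstance(LDAPCertStore.getParameters(uri));
                // Work on a clone so the shared caSelector keeps its own subject.
                LDAPCertStore.LDAPCertSelector lDAPCertSelector = (LDAPCertStore.LDAPCertSelector) this.caSelector.clone();
                lDAPCertSelector.setCertSubject(lDAPCertSelector.getSubject());
                lDAPCertSelector.setSubject(path);
                Collection<? extends Certificate> certificates = lDAPCertStore.getCertificates(lDAPCertSelector);
                if (debug != null) {
                    debug.println("ForwardBuilder.getCerts(AIA): found " + certificates.size() + " certs");
                }
                // Keep the result type-safe: only X.509 certificates may enter the list.
                for (Certificate certificate : certificates) {
                    if (certificate instanceof X509Certificate) {
                        found.add((X509Certificate) certificate);
                    }
                }
                if (!this.searchAllCertStores && !found.isEmpty()) {
                    return found;
                }
            } catch (Exception e) {
                // Best effort: an unreachable or misbehaving store must not abort the build.
                if (debug != null) {
                    debug.println("ForwardBuilder.getCerts(AIA): exception while fetching certs from CertStore: " + ((Object) e));
                    e.printStackTrace();
                }
            }
        }
        return found;
    }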

    /**
     * Collects candidate CA certificates for the current build state.
     *
     * <p>Candidates are gathered from three sources in order: the trust-anchor certificates,
     * the supplied cert stores, and (for a non-initial state) the AIA extension of the
     * certificate held in the state. When {@code searchAllCertStores} is {@code false} the
     * method returns as soon as one source has yielded a candidate. Cert stores are consulted
     * only while the state is initial, or the maximum path length is -1, or it exceeds the
     * number of CA certificates already traversed.
     *
     * @param forwardState the current build state
     * @param list the cert stores to search
     * @return the matching certificates; empty in the initial state when the target
     *     constraints have a basic-constraints value of -2
     * @throws CertificateException propagated from the helpers called here
     * @throws CertStoreException propagated from the cert-store search
     * @throws IOException propagated from the selector setup
     */
    private Collection<X509Certificate> getMatchingCACerts(ForwardState forwardState, List<CertStore> list) throws CertificateException, CertStoreException, IOException {
        if (debug != null) {
            debug.println("ForwardBuilder.getMatchingCACerts()...");
        }
        Collection<X509Certificate> candidates = new ArrayList<X509Certificate>();

        // Step 1: pick (and lazily create) the selector used against the cert stores.
        X509CertSelector storeSelector;
        if (!forwardState.isInitial()) {
            if (this.caSelector == null) {
                this.caSelector = new LDAPCertStore.LDAPCertSelector();
                this.caSelector.setCertificateValid(this.date);
                if (this.buildParams.isExplicitPolicyRequired()) {
                    this.caSelector.setPolicy(getMatchingPolicies());
                }
            }
            CertPathHelper.setSubject(this.caSelector, forwardState.issuerDN);
            CertPathHelper.setPathToNames(this.caSelector, forwardState.subjectNamesTraversed);
            this.caSelector.setBasicConstraints(forwardState.traversedCACerts);
            storeSelector = this.caSelector;
        } else {
            X509CertSelector targetConstraints = (X509CertSelector) this.buildParams.getTargetCertConstraints();
            if (targetConstraints.getBasicConstraints() == -2) {
                return candidates;
            }
            if (debug != null) {
                debug.println("ForwardBuilder.getMatchingCACerts(): ca is target");
            }
            if (this.caTargetSelector == null) {
                this.caTargetSelector = targetConstraints;
                this.caTargetSelector.setCertificateValid(this.date);
                if (this.buildParams.isExplicitPolicyRequired()) {
                    this.caTargetSelector.setPolicy(getMatchingPolicies());
                }
            }
            this.caTargetSelector.setBasicConstraints(forwardState.traversedCACerts);
            storeSelector = this.caTargetSelector;
        }

        // Step 2: trust anchors are matched with a plain selector (target constraints in the
        // initial state, otherwise subject == issuer of the state's certificate).
        X509CertSelector anchorSelector;
        if (forwardState.isInitial()) {
            anchorSelector = (X509CertSelector) this.buildParams.getTargetCertConstraints();
        } else {
            anchorSelector = new X509CertSelector();
            CertPathHelper.setSubject(anchorSelector, forwardState.issuerDN);
        }
        for (X509Certificate anchorCert : this.trustedCerts) {
            if (!anchorSelector.match(anchorCert)) {
                continue;
            }
            if (debug != null) {
                debug.println("ForwardBuilder.getMatchingCACerts: found matching trust anchor");
            }
            candidates.add(anchorCert);
        }
        if (!this.searchAllCertStores && !candidates.isEmpty()) {
            return candidates;
        }

        // Step 3: cert stores, subject to the path-length limit.
        boolean mayExtendPath = forwardState.isInitial()
                || this.buildParams.getMaxPathLength() == -1
                || this.buildParams.getMaxPathLength() > forwardState.traversedCACerts;
        if (mayExtendPath) {
            addMatchingCerts(storeSelector, list, candidates, this.searchAllCertStores);
        }
        if (!this.searchAllCertStores && !candidates.isEmpty()) {
            return candidates;
        }

        // Step 4: locations advertised by the certificate itself (AIA).
        if (!forwardState.isInitial()) {
            AuthorityInfoAccessExtension aia = forwardState.cert.getAuthorityInfoAccessExtension();
            if (aia != null) {
                candidates.addAll(getCerts(aia));
            }
        }
        if (debug != null) {
            debug.println("ForwardBuilder.getMatchingCACerts: found " + candidates.size() + " forward certs");
        }
        return candidates;
    }

    /**
     * Collects candidate end-entity certificates from the supplied cert stores.
     *
     * <p>The selector is created once from the target constraints and cached in
     * {@code eeSelector}: it requires validity at the builder's date, applies the matching
     * policies when an explicit policy is required, and sets the basic-constraints criterion
     * to -2.
     *
     * @param forwardState the current build state (not read by this method)
     * @param list the cert stores to search
     * @return the matching certificates as a set
     * @throws CertStoreException propagated from the cert-store search
     * @throws CertificateException propagated from the helpers called here
     * @throws IOException propagated from the selector setup
     */
    private Collection<X509Certificate> getMatchingEECerts(ForwardState forwardState, List<CertStore> list) throws CertStoreException, CertificateException, IOException {
        if (debug != null) {
            debug.println("ForwardBuilder.getMatchingEECerts()...");
        }
        if (this.eeSelector == null) {
            X509CertSelector targetSelector = (X509CertSelector) this.buildParams.getTargetCertConstraints();
            // Publish the selector before configuring it, as the cached field is what the
            // remaining setup operates on.
            this.eeSelector = targetSelector;
            targetSelector.setCertificateValid(this.date);
            if (this.buildParams.isExplicitPolicyRequired()) {
                targetSelector.setPolicy(getMatchingPolicies());
            }
            targetSelector.setBasicConstraints(-2);
        }
        Set<X509Certificate> matches = new HashSet<X509Certificate>();
        addMatchingCerts(this.eeSelector, list, matches, this.searchAllCertStores);
        return matches;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Adds a certificate to the path being built by placing it at the head of the list.
     *
     * @param x509Certificate the certificate to add
     * @param linkedList the path under construction; modified in place
     */
    @Override // sun.security.provider.certpath.Builder
    public void addCertToPath(X509Certificate x509Certificate, LinkedList<X509Certificate> linkedList) {
        // LinkedList.push inserts at the front of the list.
        linkedList.push(x509Certificate);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the candidate certificates for the given state, ordered by this builder's
     * comparator.
     *
     * <p>End-entity candidates are looked up only in the initial state; CA candidates are
     * looked up in every state. The sort determines the order of the returned list only; it
     * does not validate any candidate.
     *
     * @param state the current build state; must be a {@code ForwardState}
     * @param list the cert stores to search
     * @return a sorted list of candidates, possibly empty
     * @throws CertStoreException propagated from the cert-store search
     * @throws CertificateException propagated from the lookup helpers
     * @throws IOException propagated from the lookup helpers
     */
    @Override // sun.security.provider.certpath.Builder
    public Collection<X509Certificate> getMatchingCerts(State state, List<CertStore> list) throws CertStoreException, CertificateException, IOException {
        if (debug != null) {
            debug.println("ForwardBuilder.getMatchingCerts()...");
        }
        ForwardState current = (ForwardState) state;
        List<X509Certificate> ordered = new ArrayList<X509Certificate>();
        if (current.isInitial()) {
            Collection<X509Certificate> endEntityCerts = getMatchingEECerts(current, list);
            ordered.addAll(endEntityCerts);
        }
        Collection<X509Certificate> caCerts = getMatchingCACerts(current, list);
        ordered.addAll(caCerts);
        Collections.sort(ordered, this.comparator);
        return ordered;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
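    /**
     * Decides whether the given certificate completes the path, i.e. whether it is a trust
     * anchor certificate or was issued by a trust anchor given as CA name plus public key.
     *
     * <p>For a name-and-key anchor the certificate's issuer must equal the anchor's CA name,
     * the revocation check (when enabled) must succeed, and the certificate's signature must
     * verify under the anchor's public key. The revocation check fails closed: if it throws,
     * the anchor is rejected and the next one is tried, so a certificate whose revocation
     * status is bad or cannot be established is never accepted on the strength of the
     * signature alone.
     *
     * @param x509Certificate the certificate to test
     * @return {@code true} if an anchor accepted the certificate, in which case that anchor
     *     is stored in {@code trustAnchor}; {@code false} otherwise
     */
    @Override // sun.security.provider.certpath.Builder
    public boolean isPathCompleted(X509Certificate x509Certificate) {
        for (TrustAnchor anchor : this.trustAnchors) {
            X509Certificate anchorCert = anchor.getTrustedCert();
            if (anchorCert != null) {
                // Certificate anchor: the candidate must be that very certificate.
                if (x509Certificate.equals(anchorCert)) {
                    this.trustAnchor = anchor;
                    return true;
                }
                continue;
            }
            // Name + key anchor: check name chaining first.
            if (!CertPathHelper.getCA(anchor).equals(x509Certificate.getIssuerX500Principal())) {
                continue;
            }
            if (this.buildParams.isRevocationEnabled()) {
                try {
                    new CrlRevocationChecker(anchor.getCAPublicKey(), this.buildParams).check(x509Certificate, anchor.getCAPublicKey(), true);
                } catch (CertPathValidatorException e) {
                    if (debug != null) {
                        debug.println("ForwardBuilder.isPathCompleted() cpve");
                        e.printStackTrace();
                    }
                    // Fail closed: do not fall through to the signature check.
                    continue;
                } catch (Exception e2) {
                    if (debug != null) {
                        debug.println("ForwardBuilder.isPathCompleted() unexpected exception");
                        e2.printStackTrace();
                    }
                    // Revocation status could not be established; treat as a failure.
                    continue;
                }
            }
            try {
                x509Certificate.verify(anchor.getCAPublicKey(), this.buildParams.getSigProvider());
                this.trustAnchor = anchor;
                return true;
            } catch (InvalidKeyException unused) {
                if (debug != null) {
                    debug.println("ForwardBuilder.isPathCompleted() invalid DSA key found");
                }
            } catch (Exception e3) {
                // Signature did not verify under this anchor's key; try the next anchor.
                if (debug != null) {
                    debug.println("ForwardBuilder.isPathCompleted() 2 unexpected exception");
                    e3.printStackTrace();
                }
            }
        }
        return false;
    }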

    /**
     * Reports whether the certificate is one of the trust-anchor certificates collected by
     * the constructor. Anchors configured as CA name plus public key have no certificate and
     * are never matched here.
     *
     * @param x509Certificate the certificate to look up
     * @return {@code true} if {@code trustedCerts} contains the certificate
     */
    boolean isTrustedCert(X509Certificate x509Certificate) {
        final Set<X509Certificate> anchorCerts = this.trustedCerts;
        return anchorCerts.contains(x509Certificate);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Removes the most recently added certificate, which sits at the head of the list.
     *
     * @param linkedList the path under construction; modified in place
     */
    @Override // sun.security.provider.certpath.Builder
    public void removeFinalCertFromPath(LinkedList<X509Certificate> linkedList) {
        // LinkedList.pop removes the first element; the returned certificate is not needed.
        linkedList.pop();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Checks that a candidate certificate may be added to the path for the given state.
     *
     * <p>Checks run in this order: the state's untrusted checker; loop detection against the
     * certificates already in the path; then, unless the candidate is a trust-anchor
     * certificate, the algorithm check, the forward checkers and the critical-extension
     * check. For a non-initial state the candidate must additionally be a CA certificate with
     * CA key usage (again skipped for trust-anchor certificates), the revocation check is run
     * when enabled and applicable, and finally the certificate held in the state is verified
     * with the candidate's public key unless key parameters are still needed.
     *
     * <p>Trust-anchor certificates skip the algorithm, critical-extension, basic-constraints
     * and key-usage checks; they are trusted by configuration rather than by content.
     *
     * @param x509Certificate the candidate certificate
     * @param state the current build state; must be a {@code ForwardState}
     * @param list certificates already in the path, or {@code null}
     * @throws GeneralSecurityException if any check fails, including
     *     {@code CertPathValidatorException} for a detected loop and
     *     {@code CertificateException} for an unrecognized critical extension or a non-CA
     *     certificate
     */
    @Override // sun.security.provider.certpath.Builder
    public void verifyCert(X509Certificate x509Certificate, State state, List<X509Certificate> list) throws GeneralSecurityException {
        if (debug != null) {
            debug.println("ForwardBuilder.verifyCert(SN: " + Debug.toHexString(x509Certificate.getSerialNumber()) + "\n  Issuer: " + x509Certificate.getIssuerX500Principal() + ")\n  Subject: " + x509Certificate.getSubjectX500Principal() + ")");
        }
        ForwardState current = (ForwardState) state;
        current.untrustedChecker.check(x509Certificate, Collections.emptySet());

        // Loop detection: a repeated certificate is tolerated only after a policy-mappings
        // extension has been seen in the path and policy mapping is not inhibited.
        if (list != null) {
            boolean policyMappingSeen = false;
            for (X509Certificate pathCert : list) {
                if (X509CertImpl.toImpl(pathCert).getPolicyMappingsExtension() != null) {
                    policyMappingSeen = true;
                }
                if (debug != null) {
                    debug.println("policyMappingFound = " + policyMappingSeen);
                }
                if (x509Certificate.equals(pathCert) && (this.buildParams.isPolicyMappingInhibited() || !policyMappingSeen)) {
                    if (debug != null) {
                        debug.println("loop detected!!");
                    }
                    throw new CertPathValidatorException("loop detected");
                }
            }
        }

        boolean anchorCert = isTrustedCert(x509Certificate);
        if (!anchorCert) {
            AlgorithmChecker.check(x509Certificate);
            Set<String> unresolved = x509Certificate.getCriticalExtensionOIDs();
            if (unresolved == null) {
                unresolved = Collections.emptySet();
            }
            for (Iterator<PKIXCertPathChecker> checkers = current.forwardCheckers.iterator(); checkers.hasNext(); ) {
                checkers.next().check(x509Certificate, unresolved);
            }
            // Extensions claimed by checkers that cannot run in the forward direction are
            // not treated as unrecognized here.
            for (PKIXCertPathChecker checker : this.buildParams.getCertPathCheckers()) {
                if (checker.isForwardCheckingSupported()) {
                    continue;
                }
                Collection<?> supported = checker.getSupportedExtensions();
                if (supported != null) {
                    unresolved.removeAll(supported);
                }
            }
            if (!unresolved.isEmpty()) {
                // Extensions this builder accepts as critical without a dedicated checker.
                String[] acceptedOids = {
                    PKIXExtensions.BasicConstraints_Id.toString(),
                    PKIXExtensions.NameConstraints_Id.toString(),
                    PKIXExtensions.CertificatePolicies_Id.toString(),
                    PKIXExtensions.PolicyMappings_Id.toString(),
                    PKIXExtensions.PolicyConstraints_Id.toString(),
                    PKIXExtensions.InhibitAnyPolicy_Id.toString(),
                    PKIXExtensions.SubjectAlternativeName_Id.toString(),
                    PKIXExtensions.KeyUsage_Id.toString(),
                    PKIXExtensions.ExtendedKeyUsage_Id.toString(),
                };
                for (String oid : acceptedOids) {
                    unresolved.remove(oid);
                }
                if (!unresolved.isEmpty()) {
                    throw new CertificateException("Unrecognized critical extension(s)");
                }
            }
        }

        // The remaining checks only apply once a certificate is already in the state.
        if (current.isInitial()) {
            return;
        }
        if (!anchorCert) {
            if (x509Certificate.getBasicConstraints() == -1) {
                throw new CertificateException("cert is NOT a CA cert");
            }
            KeyChecker.verifyCAKeyUsage(x509Certificate);
        }
        if (this.buildParams.isRevocationEnabled() && current.crlChecker.certCanSignCrl(x509Certificate) && !current.keyParamsNeeded()) {
            current.crlChecker.check(current.cert, x509Certificate.getPublicKey(), true);
        }
        if (!current.keyParamsNeeded()) {
            // Signature of the state's certificate under the candidate's public key.
            current.cert.verify(x509Certificate.getPublicKey(), this.buildParams.getSigProvider());
        }
    }
}
