package sun.security.provider.certpath;

import com.android.internal.org.bouncycastle.jce.provider.RFC3280CertPathUtilities;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathChecker;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.provider.certpath.PKIX;
import sun.security.util.Debug;
import sun.security.x509.PKIXExtensions;

/* loaded from: classes8.dex */
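/**
 * {@link CertPathBuilderSpi} implementation that searches for a certification
 * path from the requested target towards a trust anchor using a depth-first
 * search over candidate certificates.
 *
 * <p>The search itself is delegated to {@code ForwardBuilder}; this class drives
 * the recursion, records every candidate in an adjacency list (used for the
 * result and for failure diagnostics) and runs a final verification pass over a
 * completed path before accepting it.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>A candidate whose final verification fails is never accepted; the search
 *       moves on to the next candidate.</li>
 *   <li>If a checker reports the <em>target</em> certificate as revoked, the
 *       whole build is aborted rather than trying alternative paths.</li>
 *   <li>Any critical extension that no checker claimed and that is not in the
 *       built-in list aborts the build with
 *       {@link PKIXReason#UNRECOGNIZED_CRIT_EXT}.</li>
 * </ul>
 *
 * <p>Per-build state is kept in instance fields and no synchronization is
 * visible in this class, so a single instance should not be shared between
 * concurrent builds.
 */
public final class SunCertPathBuilder extends CertPathBuilderSpi {
    private static final Debug debug = Debug.getInstance("certpath");

    /** Validated parameters of the build currently in progress. */
    private PKIX.BuilderParams buildParams;
    /** X.509 factory used to turn certificate lists into {@code CertPath} objects. */
    private CertificateFactory cf;
    /** Public key of the final certificate of the completed path. */
    private PublicKey finalPublicKey;
    /** Set to {@code true} only after final verification of a path succeeded. */
    private boolean pathCompleted = false;
    /** Policy tree produced by the policy checker for the completed path. */
    private PolicyNode policyTreeResult;
    /** Trust anchor at which the completed path terminates. */
    private TrustAnchor trustAnchor;

    /**
     * Creates the builder and obtains the X.509 certificate factory.
     *
     * @throws CertPathBuilderException if no X.509 {@link CertificateFactory} is available
     */
    public SunCertPathBuilder() throws CertPathBuilderException {
        try {
            this.cf = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new CertPathBuilderException(e);
        }
    }

    /**
     * Appends one vertex per certificate to the last entry of the adjacency list.
     *
     * @param collection candidate certificates for the current search level
     * @param list adjacency list; its last element receives the new vertices
     * @return the (now extended) last element of {@code list}
     */
    private static List<Vertex> addVertices(Collection<X509Certificate> collection, List<List<Vertex>> list) {
        List<Vertex> currentLevel = list.get(list.size() - 1);
        for (X509Certificate cert : collection) {
            currentLevel.add(new Vertex(cert));
        }
        return currentLevel;
    }

    /**
     * Reports whether the trust anchor's own certificate satisfies the selector.
     *
     * @return {@code false} when the anchor carries no certificate (key-only anchor)
     */
    private static boolean anchorIsTarget(TrustAnchor trustAnchor, CertSelector certSelector) {
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        return trustedCert != null && certSelector.match(trustedCert);
    }

    /**
     * Runs the build in up to two passes: a first pass, then, if no path was
     * found, a second pass that searches all cert stores.
     *
     * @return the result of the first pass that produced a path
     * @throws CertPathBuilderException if neither pass finds a valid path
     */
    private PKIXCertPathBuilderResult build() throws CertPathBuilderException {
        List<List<Vertex>> adjacencyList = new ArrayList<>();
        PKIXCertPathBuilderResult result = buildCertPath(false, adjacencyList);
        if (result == null) {
            if (debug != null) {
                debug.println("SunCertPathBuilder.engineBuild: 2nd pass; try building again searching all certstores");
            }
            // Start the second pass from a clean adjacency list.
            adjacencyList.clear();
            result = buildCertPath(true, adjacencyList);
            if (result == null) {
                throw new SunCertPathBuilderException("unable to find valid certification path to requested target", new AdjacencyList(adjacencyList));
            }
        }
        return result;
    }

    /**
     * Performs a single build pass.
     *
     * <p>The search and the result construction are handled in two separate
     * {@code try} blocks so that a failure while wrapping up the result is
     * reported once, with the original cause, instead of being caught again by
     * the handler for search failures.
     *
     * @param searchAllCertStores passed through to {@code ForwardBuilder}
     * @param adjacencyList receives the vertices visited during the search
     * @return the build result, or {@code null} if no path was completed
     * @throws CertPathBuilderException if the search or the result construction fails
     */
    private PKIXCertPathBuilderResult buildCertPath(boolean searchAllCertStores, List<List<Vertex>> adjacencyList) throws CertPathBuilderException {
        // Reset all per-build state so nothing leaks over from an earlier pass.
        this.pathCompleted = false;
        this.trustAnchor = null;
        this.finalPublicKey = null;
        this.policyTreeResult = null;

        LinkedList<X509Certificate> certPathList = new LinkedList<>();
        try {
            buildForward(adjacencyList, certPathList, searchAllCertStores);
        } catch (IOException | GeneralSecurityException e) {
            if (debug != null) {
                debug.println("SunCertPathBuilder.engineBuild() exception in build");
                e.printStackTrace();
            }
            throw new SunCertPathBuilderException("unable to find valid certification path to requested target", e, new AdjacencyList(adjacencyList));
        }

        if (!this.pathCompleted) {
            return null;
        }

        try {
            if (debug != null) {
                debug.println("SunCertPathBuilder.engineBuild() pathCompleted");
            }
            // The search collected the certificates in the opposite order to the
            // one handed to generateCertPath, so reverse the list in place.
            Collections.reverse(certPathList);
            return new SunCertPathBuilderResult(this.cf.generateCertPath(certPathList), this.trustAnchor, this.policyTreeResult, this.finalPublicKey, new AdjacencyList(adjacencyList));
        } catch (CertificateException e) {
            if (debug != null) {
                debug.println("SunCertPathBuilder.engineBuild() exception in wrap-up");
                e.printStackTrace();
            }
            throw new SunCertPathBuilderException("unable to find valid certification path to requested target", e, new AdjacencyList(adjacencyList));
        }
    }

    /**
     * Initialises the forward state and adjacency list, then starts the
     * depth-first search at the target subject.
     */
    private void buildForward(List<List<Vertex>> adjacencyList, LinkedList<X509Certificate> certPathList, boolean searchAllCertStores) throws GeneralSecurityException, IOException {
        if (debug != null) {
            debug.println("SunCertPathBuilder.buildForward()...");
        }
        ForwardState initialState = new ForwardState();
        initialState.initState(this.buildParams.certPathCheckers());

        adjacencyList.clear();
        adjacencyList.add(new LinkedList<Vertex>());

        depthFirstSearchForward(this.buildParams.targetSubject(), initialState, new ForwardBuilder(this.buildParams, searchAllCertStores), adjacencyList, certPathList);
    }

    /**
     * Recursive depth-first search step.
     *
     * <p>For every candidate certificate returned by the builder: verify it; if
     * it completes the path, run the final verification and accept the path;
     * otherwise append it to the path and recurse on its issuer, backtracking
     * when the recursion does not complete a path.
     *
     * <p>Only the per-certificate {@code verifyCert} call is treated as a
     * recoverable failure that moves on to the next candidate. A failure of an
     * individual checker during final verification also rejects just that
     * candidate. Everything else thrown during final verification (a revoked
     * target, more than one {@link PKIXRevocationChecker}, an unrecognized
     * critical extension) propagates and aborts the build.
     *
     * @param dN subject being searched for; only used for debug output here
     * @param currentState state at this search level; cloned per candidate
     * @param builder supplies candidates, verification and path manipulation
     * @param adjList adjacency list recording every visited vertex
     * @param cpList the path built so far
     * @throws GeneralSecurityException on a non-recoverable validation failure
     * @throws IOException declared for the builder calls made here
     */
    private void depthFirstSearchForward(X500Principal dN, ForwardState currentState, ForwardBuilder builder, List<List<Vertex>> adjList, LinkedList<X509Certificate> cpList) throws GeneralSecurityException, IOException {
        if (debug != null) {
            debug.println("SunCertPathBuilder.depthFirstSearchForward(" + dN + ", " + currentState.toString() + ")");
        }

        Collection<X509Certificate> matchingCerts = builder.getMatchingCerts(currentState, this.buildParams.certStores());
        List<Vertex> vertices = addVertices(matchingCerts, adjList);
        if (debug != null) {
            debug.println("SunCertPathBuilder.depthFirstSearchForward(): certs.size=" + vertices.size());
        }

        candidates:
        for (Vertex vertex : vertices) {
            // Work on a copy so a rejected candidate cannot pollute the state
            // used for its siblings.
            ForwardState nextState = (ForwardState) currentState.clone();
            X509Certificate cert = vertex.getCertificate();

            try {
                builder.verifyCert(cert, nextState, cpList);
            } catch (GeneralSecurityException e) {
                if (debug != null) {
                    debug.println("SunCertPathBuilder.depthFirstSearchForward(): validation failed: " + e);
                    e.printStackTrace();
                }
                vertex.setThrowable(e);
                continue;
            }

            if (builder.isPathCompleted(cert)) {
                if (debug != null) {
                    debug.println("SunCertPathBuilder.depthFirstSearchForward(): commencing final verification");
                }

                List<X509Certificate> appendedCerts = new ArrayList<>(cpList);
                // A key-only trust anchor has no certificate of its own, so the
                // certificate that reached it is part of the path to verify.
                if (builder.trustAnchor.getTrustedCert() == null) {
                    appendedCerts.add(0, cert);
                }

                PolicyNodeImpl rootNode = new PolicyNodeImpl(null, RFC3280CertPathUtilities.ANY_POLICY, null, false, Collections.singleton(RFC3280CertPathUtilities.ANY_POLICY), false);

                List<PKIXCertPathChecker> checkers = new ArrayList<>();
                PolicyChecker policyChecker = new PolicyChecker(this.buildParams.initialPolicies(), appendedCerts.size(), this.buildParams.explicitPolicyRequired(), this.buildParams.policyMappingInhibited(), this.buildParams.anyPolicyInhibited(), this.buildParams.policyQualifiersRejected(), rootNode);
                checkers.add(policyChecker);
                checkers.add(new AlgorithmChecker(builder.trustAnchor));

                BasicChecker basicChecker = null;
                if (nextState.keyParamsNeeded()) {
                    // NOTE(review): presumably the path contains keys whose
                    // parameters must be inherited; confirm against ForwardState.
                    PublicKey rootKey = cert.getPublicKey();
                    if (builder.trustAnchor.getTrustedCert() == null) {
                        rootKey = builder.trustAnchor.getCAPublicKey();
                        if (debug != null) {
                            debug.println("SunCertPathBuilder.depthFirstSearchForward using buildParams public key: " + rootKey.toString());
                        }
                    }
                    TrustAnchor anchor = new TrustAnchor(cert.getSubjectX500Principal(), rootKey, (byte[]) null);
                    basicChecker = new BasicChecker(anchor, this.buildParams.date(), this.buildParams.sigProvider(), true);
                    checkers.add(basicChecker);
                }

                this.buildParams.setCertPath(this.cf.generateCertPath(appendedCerts));

                // At most one caller-supplied revocation checker is allowed; a
                // default one is added only when none was supplied and
                // revocation checking is enabled.
                List<PKIXCertPathChecker> userCheckers = this.buildParams.certPathCheckers();
                boolean revCheckerAdded = false;
                for (PKIXCertPathChecker userChecker : userCheckers) {
                    if (userChecker instanceof PKIXRevocationChecker) {
                        if (revCheckerAdded) {
                            throw new CertPathValidatorException("Only one PKIXRevocationChecker can be specified");
                        }
                        revCheckerAdded = true;
                        if (userChecker instanceof RevocationChecker) {
                            ((RevocationChecker) userChecker).init(builder.trustAnchor, this.buildParams);
                        }
                    }
                }
                if (this.buildParams.revocationEnabled() && !revCheckerAdded) {
                    checkers.add(new RevocationChecker(builder.trustAnchor, this.buildParams));
                }
                checkers.addAll(userCheckers);

                for (int i = 0; i < appendedCerts.size(); i++) {
                    X509Certificate currCert = appendedCerts.get(i);
                    if (debug != null) {
                        debug.println("current subject = " + currCert.getSubjectX500Principal());
                    }

                    Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
                    if (unresCritExts == null) {
                        unresCritExts = Collections.emptySet();
                    }

                    // Checkers that support forward checking are skipped here;
                    // only the remaining ones are run in this pass.
                    for (PKIXCertPathChecker currChecker : checkers) {
                        if (currChecker.isForwardCheckingSupported()) {
                            continue;
                        }
                        if (i == 0) {
                            currChecker.init(false);
                            if (currChecker instanceof AlgorithmChecker) {
                                ((AlgorithmChecker) currChecker).trySetTrustAnchor(builder.trustAnchor);
                            }
                        }
                        try {
                            currChecker.check(currCert, unresCritExts);
                        } catch (CertPathValidatorException e) {
                            if (debug != null) {
                                debug.println("SunCertPathBuilder.depthFirstSearchForward(): final verification failed: " + e);
                            }
                            // A revoked target cannot become valid through a
                            // different path, so stop the whole build.
                            if (this.buildParams.targetCertConstraints().match(currCert) && e.getReason() == CertPathValidatorException.BasicReason.REVOKED) {
                                throw e;
                            }
                            // Reject this candidate. Without leaving the loop
                            // here the failed path would still be marked as
                            // completed further down.
                            vertex.setThrowable(e);
                            continue candidates;
                        }
                    }

                    // Extensions handled by forward-checking user checkers count
                    // as resolved.
                    for (PKIXCertPathChecker userChecker : this.buildParams.certPathCheckers()) {
                        if (userChecker.isForwardCheckingSupported()) {
                            Set<String> supportedExts = userChecker.getSupportedExtensions();
                            if (supportedExts != null) {
                                unresCritExts.removeAll(supportedExts);
                            }
                        }
                    }

                    if (!unresCritExts.isEmpty()) {
                        unresCritExts.remove(PKIXExtensions.BasicConstraints_Id.toString());
                        unresCritExts.remove(PKIXExtensions.NameConstraints_Id.toString());
                        unresCritExts.remove(PKIXExtensions.CertificatePolicies_Id.toString());
                        unresCritExts.remove(PKIXExtensions.PolicyMappings_Id.toString());
                        unresCritExts.remove(PKIXExtensions.PolicyConstraints_Id.toString());
                        unresCritExts.remove(PKIXExtensions.InhibitAnyPolicy_Id.toString());
                        unresCritExts.remove(PKIXExtensions.SubjectAlternativeName_Id.toString());
                        unresCritExts.remove(PKIXExtensions.KeyUsage_Id.toString());
                        unresCritExts.remove(PKIXExtensions.ExtendedKeyUsage_Id.toString());
                        // Anything still left is a critical extension nobody
                        // processed, which must fail validation.
                        if (!unresCritExts.isEmpty()) {
                            throw new CertPathValidatorException("unrecognized critical extension(s)", null, null, -1, PKIXReason.UNRECOGNIZED_CRIT_EXT);
                        }
                    }
                }

                if (debug != null) {
                    debug.println("SunCertPathBuilder.depthFirstSearchForward(): final verification succeeded - path completed!");
                }
                this.pathCompleted = true;

                if (builder.trustAnchor.getTrustedCert() == null) {
                    builder.addCertToPath(cert, cpList);
                }
                this.trustAnchor = builder.trustAnchor;

                if (basicChecker != null) {
                    this.finalPublicKey = basicChecker.getPublicKey();
                } else {
                    X509Certificate finalCert = cpList.isEmpty() ? builder.trustAnchor.getTrustedCert() : cpList.getLast();
                    this.finalPublicKey = finalCert.getPublicKey();
                }
                this.policyTreeResult = policyChecker.getPolicyTree();
                return;
            }

            // The certificate is acceptable but does not reach an anchor yet:
            // extend the path and continue the search from its issuer.
            builder.addCertToPath(cert, cpList);
            nextState.updateState(cert);

            adjList.add(new LinkedList<Vertex>());
            vertex.setIndex(adjList.size() - 1);

            depthFirstSearchForward(cert.getIssuerX500Principal(), nextState, builder, adjList, cpList);
            if (this.pathCompleted) {
                return;
            }

            if (debug != null) {
                debug.println("SunCertPathBuilder.depthFirstSearchForward(): backtracking");
            }
            builder.removeFinalCertFromPath(cpList);
        }
    }

    /**
     * Validates the supplied parameters and builds a certification path.
     *
     * @param certPathParameters the build parameters, checked by
     *     {@code PKIX.checkBuilderParams}
     * @return the build result
     * @throws CertPathBuilderException if no valid path to the target is found
     * @throws InvalidAlgorithmParameterException if the parameters are rejected
     */
    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        if (debug != null) {
            debug.println("SunCertPathBuilder.engineBuild(" + certPathParameters + ")");
        }
        this.buildParams = PKIX.checkBuilderParams(certPathParameters);
        return build();
    }

    /**
     * Returns a new, uninitialised {@code RevocationChecker} for the caller to
     * configure and pass back in the build parameters.
     */
    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathChecker engineGetRevocationChecker() {
        return new RevocationChecker();
    }
}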
