package org.bouncycastle.jce.provider;

import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.x509.ExtendedPKIXParameters;

/* loaded from: classes3.dex */
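/**
 * {@link CertPathValidatorSpi} implementation that validates an X.509 certification path
 * against PKIX parameters.
 *
 * <p>NOTE(review): this listing is JADX decompiler output of an obfuscated build (see the
 * "JADX WARN" markers on {@link #engineValidate}). The helper methods on
 * {@code RFC3280CertPathUtilities}, {@code CertPathValidatorUtilities} and
 * {@code PrincipalUtils} carry obfuscated names, so their exact checks cannot be confirmed
 * from this file; presumably they are the RFC 3280/5280 path-processing steps. Confirm
 * against the upstream Bouncy Castle source before relying on any comment that is hedged.
 */
public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi {
    // Provider helper handed to the per-certificate and next-working-key utilities below.
    public final JcaJceHelper helper = new BCJcaJceHelper();

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v15 */
    /* JADX WARN: Type inference failed for: r2v18, types: [org.bouncycastle.asn1.x509.AlgorithmIdentifier] */
    /**
     * Validates {@code certPath} from the certificate at the highest index (the one the trust
     * anchor is resolved for) down to index 0 (the target certificate).
     *
     * @param certPath the path to validate; its entries are cast to {@link X509Certificate}
     * @param certPathParameters a {@link PKIXParameters}, {@link PKIXExtendedBuilderParameters}
     *     or {@link PKIXExtendedParameters} instance
     * @return a {@link PKIXCertPathValidatorResult} holding the trust anchor, the resulting
     *     policy node and the public key of the certificate at index 0
     * @throws InvalidAlgorithmParameterException if the parameters are {@code null}, of an
     *     unsupported type, or carry no trust anchors
     * @throws CertPathValidatorException if the path is empty, no trust anchor is found, or
     *     any validation step rejects the path
     */
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        PKIXExtendedParameters baseParameters;
        X500Name b;
        PublicKey cAPublicKey;
        HashSet hashSet;
        PKIXCertPathValidatorSpi pKIXCertPathValidatorSpi;
        ArrayList[] arrayListArr;
        List list;
        HashSet hashSet2;
        PKIXCertPathValidatorSpi pKIXCertPathValidatorSpi2 = this;
        // The decompiled guard tested "instanceof CertPathParameters", which is true for every
        // non-null argument, and the fallback branch then cast unconditionally to
        // PKIXExtendedParameters. An unsupported parameter object therefore surfaced as an
        // unchecked ClassCastException instead of the declared checked exception. Each
        // supported type is now tested explicitly; everything else (including null) is
        // rejected with the original message.
        if (certPathParameters instanceof PKIXParameters) {
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder((PKIXParameters) certPathParameters);
            if (certPathParameters instanceof ExtendedPKIXParameters) {
                // Carry over the two settings only the legacy extended parameter class exposes.
                ExtendedPKIXParameters extendedPKIXParameters = (ExtendedPKIXParameters) certPathParameters;
                builder.setUseDeltasEnabled(extendedPKIXParameters.Ik());
                builder.setValidityModel(extendedPKIXParameters.getValidityModel());
            }
            baseParameters = builder.build();
        } else if (certPathParameters instanceof PKIXExtendedBuilderParameters) {
            baseParameters = ((PKIXExtendedBuilderParameters) certPathParameters).getBaseParameters();
        } else if (certPathParameters instanceof PKIXExtendedParameters) {
            baseParameters = (PKIXExtendedParameters) certPathParameters;
        } else {
            throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() + " instance.");
        }
        // Validation without any trust anchors is refused outright rather than treated as "trust nothing".
        if (baseParameters.getTrustAnchors() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for certification path validation.");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        if (certificates.isEmpty()) {
            throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
        }
        Set initialPolicies = baseParameters.getInitialPolicies();
        try {
            // Resolve the trust anchor for the last certificate in the path.
            // NOTE(review): the cast assumes every path entry is an X509Certificate; any other
            // Certificate type would raise ClassCastException here.
            TrustAnchor a = CertPathValidatorUtilities.a((X509Certificate) certificates.get(certificates.size() - 1), baseParameters.getTrustAnchors(), baseParameters.getSigProvider());
            int i = -1;
            if (a == null) {
                throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
            }
            // From here on the parameters are rebuilt around the resolved anchor (obfuscated
            // builder method "a"; presumably it narrows the trust anchors to this one — confirm).
            PKIXExtendedParameters build = new PKIXExtendedParameters.Builder(baseParameters).a(a).build();
            int i2 = size + 1;
            // One list per depth 0..size, used as the levels of the policy tree.
            ArrayList[] arrayListArr2 = new ArrayList[i2];
            for (int i3 = 0; i3 < arrayListArr2.length; i3++) {
                arrayListArr2[i3] = new ArrayList();
            }
            // Root policy node: 2.5.29.32.0 is the anyPolicy OID.
            HashSet hashSet3 = new HashSet();
            hashSet3.add("2.5.29.32.0");
            PKIXPolicyNode pKIXPolicyNode = new PKIXPolicyNode(new ArrayList(), 0, hashSet3, null, new HashSet(), "2.5.29.32.0", false);
            arrayListArr2[0].add(pKIXPolicyNode);
            PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
            HashSet hashSet4 = new HashSet();
            // Three counters start at 0 when the matching parameter flag is set and at size + 1
            // otherwise (explicit policy required, anyPolicy inhibited, policy mapping inhibited).
            int i4 = build.isExplicitPolicyRequired() ? 0 : i2;
            int i5 = build.isAnyPolicyInhibited() ? 0 : i2;
            if (build.isPolicyMappingInhibited()) {
                i2 = 0;
            }
            // Initial working issuer name and public key: taken from the anchor certificate when
            // there is one, otherwise from the anchor's bare CA name/key.
            X509Certificate trustedCert = a.getTrustedCert();
            try {
                if (trustedCert != null) {
                    b = PrincipalUtils.f(trustedCert);
                    cAPublicKey = trustedCert.getPublicKey();
                } else {
                    b = PrincipalUtils.b(a);
                    cAPublicKey = a.getCAPublicKey();
                }
                try {
                    // NOTE(review): decompiler artifact — "i" is declared int above but receives
                    // the AlgorithmIdentifier result here (see the JADX type-inference warnings
                    // on this method); the statement will not recompile as written. Left as
                    // decompiled because the original register typing cannot be recovered here.
                    i = CertPathValidatorUtilities.c(cAPublicKey);
                    i.getAlgorithm();
                    i.getParameters();
                    // The target (index 0) certificate must satisfy the caller's target constraints.
                    if (build.getTargetConstraints() != null && !build.getTargetConstraints().m((X509Certificate) certificates.get(0))) {
                        throw new ExtCertPathValidatorException("Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
                    }
                    // Initialise the caller-supplied checkers with forward = false.
                    List certPathCheckers = build.getCertPathCheckers();
                    Iterator it = certPathCheckers.iterator();
                    while (it.hasNext()) {
                        ((PKIXCertPathChecker) it.next()).init(false);
                    }
                    int i6 = i2;
                    int i7 = size;
                    X509Certificate x509Certificate = null;
                    int size2 = certificates.size() - 1;
                    int i8 = i5;
                    PKIXPolicyNode pKIXPolicyNode2 = pKIXPolicyNode;
                    // Walk the path from the certificate next to the anchor down to the target.
                    // Most of the local copies below are decompiler register shuffling.
                    while (size2 >= 0) {
                        int i9 = size - size2;
                        X509Certificate x509Certificate2 = (X509Certificate) certificates.get(size2);
                        int i10 = i8;
                        boolean z = size2 == certificates.size() + (-1);
                        List<? extends Certificate> list2 = certificates;
                        int i11 = i4;
                        Set set = initialPolicies;
                        int i12 = size2;
                        PKIXExtendedParameters pKIXExtendedParameters = build;
                        PKIXNameConstraintValidator pKIXNameConstraintValidator2 = pKIXNameConstraintValidator;
                        boolean z2 = z;
                        ArrayList[] arrayListArr3 = arrayListArr2;
                        TrustAnchor trustAnchor = a;
                        List list3 = certPathCheckers;
                        // Per-certificate checks using the current working key and issuer name,
                        // the name-constraint validator and the policy tree (obfuscated helpers;
                        // presumably signature/validity/revocation, name constraints and policy
                        // processing — confirm against upstream).
                        RFC3280CertPathUtilities.a(certPath, build, size2, cAPublicKey, z2, b, trustedCert, pKIXCertPathValidatorSpi2.helper);
                        RFC3280CertPathUtilities.b(certPath, i12, pKIXNameConstraintValidator2);
                        PKIXPolicyNode a2 = RFC3280CertPathUtilities.a(certPath, i12, RFC3280CertPathUtilities.a(certPath, i12, hashSet4, pKIXPolicyNode2, arrayListArr3, i10));
                        RFC3280CertPathUtilities.a(certPath, i12, a2, i11);
                        if (i9 == size) {
                            // Target certificate reached: no "prepare for next certificate" work.
                            pKIXCertPathValidatorSpi = this;
                            arrayListArr = arrayListArr3;
                            list = list3;
                            pKIXPolicyNode2 = a2;
                            i8 = i10;
                            i4 = i11;
                        } else {
                            // Every certificate above the target acts as a CA; X.509 v1
                            // certificates are rejected in that role.
                            if (x509Certificate2 != null && x509Certificate2.getVersion() == 1) {
                                throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, i12);
                            }
                            RFC3280CertPathUtilities.a(certPath, i12);
                            arrayListArr = arrayListArr3;
                            PKIXPolicyNode a3 = RFC3280CertPathUtilities.a(certPath, i12, arrayListArr, a2, i6);
                            RFC3280CertPathUtilities.a(certPath, i12, pKIXNameConstraintValidator2);
                            // Update the three policy counters and the remaining-path-length value.
                            int a4 = RFC3280CertPathUtilities.a(certPath, i12, i11);
                            int b2 = RFC3280CertPathUtilities.b(certPath, i12, i6);
                            int c = RFC3280CertPathUtilities.c(certPath, i12, i10);
                            int d = RFC3280CertPathUtilities.d(certPath, i12, a4);
                            int e = RFC3280CertPathUtilities.e(certPath, i12, b2);
                            int f = RFC3280CertPathUtilities.f(certPath, i12, c);
                            RFC3280CertPathUtilities.b(certPath, i12);
                            int h = RFC3280CertPathUtilities.h(certPath, i12, RFC3280CertPathUtilities.g(certPath, i12, i7));
                            RFC3280CertPathUtilities.c(certPath, i12);
                            // Critical extensions: drop the OIDs this validator handles itself and
                            // pass whatever remains, with the caller's checkers, to the helper
                            // (presumably it rejects any critical extension left unprocessed — confirm).
                            Set<String> criticalExtensionOIDs = x509Certificate2.getCriticalExtensionOIDs();
                            if (criticalExtensionOIDs != null) {
                                hashSet2 = new HashSet(criticalExtensionOIDs);
                                hashSet2.remove(RFC3280CertPathUtilities.OJb);
                                hashSet2.remove(RFC3280CertPathUtilities.JJb);
                                hashSet2.remove(RFC3280CertPathUtilities.LJb);
                                hashSet2.remove(RFC3280CertPathUtilities.PJb);
                                hashSet2.remove(RFC3280CertPathUtilities.QJb);
                                hashSet2.remove(RFC3280CertPathUtilities.RJb);
                                hashSet2.remove(RFC3280CertPathUtilities.SJb);
                                hashSet2.remove(RFC3280CertPathUtilities.KJb);
                                hashSet2.remove(RFC3280CertPathUtilities.MJb);
                                hashSet2.remove(RFC3280CertPathUtilities.NJb);
                            } else {
                                hashSet2 = new HashSet();
                            }
                            list = list3;
                            RFC3280CertPathUtilities.a(certPath, i12, hashSet2, list);
                            // This certificate becomes the issuer for the next iteration.
                            b = PrincipalUtils.f(x509Certificate2);
                            // NOTE(review): decompiler artifact — this try body cannot throw, and
                            // "e" in the handler is the int declared above, so the assignment
                            // does not type-check. Left as decompiled.
                            try {
                                pKIXCertPathValidatorSpi = this;
                            } catch (CertPathValidatorException e2) {
                                e = e2;
                            }
                            try {
                                // Next working public key, and a read of its algorithm identifier.
                                cAPublicKey = CertPathValidatorUtilities.a(certPath.getCertificates(), i12, pKIXCertPathValidatorSpi.helper);
                                AlgorithmIdentifier c2 = CertPathValidatorUtilities.c(cAPublicKey);
                                c2.getAlgorithm();
                                c2.getParameters();
                                pKIXPolicyNode2 = a3;
                                i6 = e;
                                i8 = f;
                                i7 = h;
                                trustedCert = x509Certificate2;
                                i4 = d;
                            } catch (CertPathValidatorException e3) {
                                e = e3;
                                throw new CertPathValidatorException("Next working key could not be retrieved.", e, certPath, i12);
                            }
                        }
                        size2 = i12 - 1;
                        arrayListArr2 = arrayListArr;
                        certPathCheckers = list;
                        pKIXCertPathValidatorSpi2 = pKIXCertPathValidatorSpi;
                        x509Certificate = x509Certificate2;
                        certificates = list2;
                        initialPolicies = set;
                        a = trustAnchor;
                        pKIXNameConstraintValidator = pKIXNameConstraintValidator2;
                        build = pKIXExtendedParameters;
                    }
                    // Wrap-up for the target certificate. size2 is -1 after the loop, so i14 is 0.
                    PKIXExtendedParameters pKIXExtendedParameters2 = build;
                    ArrayList[] arrayListArr4 = arrayListArr2;
                    TrustAnchor trustAnchor2 = a;
                    List list4 = certPathCheckers;
                    Set set2 = initialPolicies;
                    int i13 = size2;
                    int i14 = i13 + 1;
                    int i15 = RFC3280CertPathUtilities.i(certPath, i14, RFC3280CertPathUtilities.a(i4, x509Certificate));
                    // Same critical-extension filtering as inside the loop, with one additional
                    // OID (UJb) removed for the target certificate.
                    Set<String> criticalExtensionOIDs2 = x509Certificate.getCriticalExtensionOIDs();
                    if (criticalExtensionOIDs2 != null) {
                        hashSet = new HashSet(criticalExtensionOIDs2);
                        hashSet.remove(RFC3280CertPathUtilities.OJb);
                        hashSet.remove(RFC3280CertPathUtilities.JJb);
                        hashSet.remove(RFC3280CertPathUtilities.LJb);
                        hashSet.remove(RFC3280CertPathUtilities.PJb);
                        hashSet.remove(RFC3280CertPathUtilities.QJb);
                        hashSet.remove(RFC3280CertPathUtilities.RJb);
                        hashSet.remove(RFC3280CertPathUtilities.SJb);
                        hashSet.remove(RFC3280CertPathUtilities.KJb);
                        hashSet.remove(RFC3280CertPathUtilities.MJb);
                        hashSet.remove(RFC3280CertPathUtilities.NJb);
                        hashSet.remove(RFC3280CertPathUtilities.UJb);
                    } else {
                        hashSet = new HashSet();
                    }
                    RFC3280CertPathUtilities.a(certPath, i14, list4, hashSet);
                    X509Certificate x509Certificate3 = x509Certificate;
                    PKIXPolicyNode a5 = RFC3280CertPathUtilities.a(certPath, pKIXExtendedParameters2, set2, i14, arrayListArr4, pKIXPolicyNode2, hashSet4);
                    // Accept when the wrap-up counter is still positive or a policy node remains
                    // (presumably explicitPolicy > 0 or a non-empty policy intersection — confirm).
                    if (i15 > 0 || a5 != null) {
                        return new PKIXCertPathValidatorResult(trustAnchor2, a5, x509Certificate3.getPublicKey());
                    }
                    throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, i13);
                } catch (CertPathValidatorException e4) {
                    // NOTE(review): as decompiled, this handler encloses the whole validation
                    // loop, so every CertPathValidatorException raised above (target constraints,
                    // v1 CA, next working key, policy failure) would be re-labelled with this
                    // trust-anchor message and index -1, hiding which certificate failed. This
                    // looks like a try-range reconstruction artifact; verify against the bytecode
                    // or upstream source before relying on the reported message or index.
                    throw new ExtCertPathValidatorException("Algorithm identifier of public key of trust anchor could not be read.", e4, certPath, -1);
                }
            } catch (IllegalArgumentException e5) {
                throw new ExtCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", e5, certPath, i);
            }
        } catch (AnnotatedException e6) {
            // Utility-level failures are reported against the last certificate in the path.
            throw new CertPathValidatorException(e6.getMessage(), e6, certPath, certificates.size() - 1);
        }
    }
}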
