package xch.bouncycastle.jce.provider;

import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import xch.bouncycastle.asn1.x500.X500Name;
import xch.bouncycastle.asn1.x509.AlgorithmIdentifier;
import xch.bouncycastle.asn1.x509.Extension;
import xch.bouncycastle.asn1.x509.TBSCertificate;
import xch.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import xch.bouncycastle.jcajce.PKIXExtendedParameters;
import xch.bouncycastle.jcajce.interfaces.BCX509Certificate;
import xch.bouncycastle.jcajce.util.BCJcaJceHelper;
import xch.bouncycastle.jcajce.util.JcaJceHelper;
import xch.bouncycastle.jce.exception.ExtCertPathValidatorException;
import xch.bouncycastle.x509.ExtendedPKIXParameters;

/* loaded from: classes.dex */
public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi {

    /* renamed from: a, reason: collision with root package name */
    private final JcaJceHelper f2634a;

    /* renamed from: b, reason: collision with root package name */
    private final boolean f2635b;

    public PKIXCertPathValidatorSpi() {
        this(false);
    }

    public PKIXCertPathValidatorSpi(boolean z) {
        this.f2634a = new BCJcaJceHelper();
        this.f2635b = z;
    }

    /* JADX WARN: Multi-variable type inference failed */
    static void a(X509Certificate x509Certificate) {
        if (x509Certificate instanceof BCX509Certificate) {
            RuntimeException runtimeException = null;
            try {
                if (((BCX509Certificate) x509Certificate).j() != null) {
                    return;
                }
            } catch (RuntimeException e) {
                runtimeException = e;
            }
            throw new AnnotatedException("unable to process TBSCertificate", runtimeException);
        }
        try {
            TBSCertificate.a(x509Certificate.getTBSCertificate());
        } catch (IllegalArgumentException e2) {
            throw new AnnotatedException(e2.getMessage());
        } catch (CertificateEncodingException e3) {
            throw new AnnotatedException("unable to process TBSCertificate", e3);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v26, types: [int] */
    /* JADX WARN: Type inference failed for: r0v31, types: [int] */
    /* JADX WARN: Type inference failed for: r13v3, types: [java.security.cert.X509Certificate, xch.bouncycastle.jce.provider.PKIXNameConstraintValidator] */
    /* JADX WARN: Type inference failed for: r3v3 */
    /* JADX WARN: Type inference failed for: r3v7, types: [xch.bouncycastle.asn1.x509.AlgorithmIdentifier] */
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) {
        PKIXExtendedParameters pKIXExtendedParameters;
        List<? extends Certificate> list;
        X500Name a2;
        PublicKey cAPublicKey;
        HashSet hashSet;
        int i;
        List list2;
        int i2;
        int i3;
        X509Certificate x509Certificate;
        int i4;
        HashSet hashSet2;
        if (certPathParameters instanceof PKIXParameters) {
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder((PKIXParameters) certPathParameters);
            if (certPathParameters instanceof ExtendedPKIXParameters) {
                ExtendedPKIXParameters extendedPKIXParameters = (ExtendedPKIXParameters) certPathParameters;
                builder.b(extendedPKIXParameters.j());
                builder.a(extendedPKIXParameters.h());
            }
            pKIXExtendedParameters = builder.a();
        } else if (certPathParameters instanceof PKIXExtendedBuilderParameters) {
            pKIXExtendedParameters = ((PKIXExtendedBuilderParameters) certPathParameters).a();
        } else {
            if (!(certPathParameters instanceof PKIXExtendedParameters)) {
                StringBuilder a3 = a.a.a.a.a.a("Parameters must be a ");
                a3.append(PKIXParameters.class.getName());
                a3.append(" instance.");
                throw new InvalidAlgorithmParameterException(a3.toString());
            }
            pKIXExtendedParameters = (PKIXExtendedParameters) certPathParameters;
        }
        if (pKIXExtendedParameters.l() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for certification path validation.");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        int i5 = -1;
        if (certificates.isEmpty()) {
            throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1);
        }
        Set f = pKIXExtendedParameters.f();
        try {
            TrustAnchor a4 = c.a((X509Certificate) certificates.get(certificates.size() - 1), pKIXExtendedParameters.l(), pKIXExtendedParameters.j());
            if (a4 == null) {
                list = certificates;
                try {
                    throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
                } catch (AnnotatedException e) {
                    e = e;
                    throw new CertPathValidatorException(e.getMessage(), e.b(), certPath, list.size() - 1);
                }
            }
            a(a4.getTrustedCert());
            PKIXExtendedParameters a5 = new PKIXExtendedParameters.Builder(pKIXExtendedParameters).a(a4).a();
            int i6 = size + 1;
            ArrayList[] arrayListArr = new ArrayList[i6];
            for (int i7 = 0; i7 < i6; i7++) {
                arrayListArr[i7] = new ArrayList();
            }
            HashSet hashSet3 = new HashSet();
            hashSet3.add(i.p);
            PKIXPolicyNode pKIXPolicyNode = new PKIXPolicyNode(new ArrayList(), 0, hashSet3, null, new HashSet(), i.p, false);
            arrayListArr[0].add(pKIXPolicyNode);
            PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
            HashSet hashSet4 = new HashSet();
            int i8 = a5.o() ? 0 : i6;
            int i9 = a5.n() ? 0 : i6;
            if (a5.p()) {
                i6 = 0;
            }
            X509Certificate trustedCert = a4.getTrustedCert();
            try {
                if (trustedCert != null) {
                    a2 = h.b(trustedCert);
                    cAPublicKey = trustedCert.getPublicKey();
                } else {
                    a2 = h.a(a4);
                    cAPublicKey = a4.getCAPublicKey();
                }
                try {
                    i5 = c.a(cAPublicKey);
                    i5.h();
                    i5.i();
                    if (a5.k() != null && !a5.k().a((X509Certificate) certificates.get(0))) {
                        throw new ExtCertPathValidatorException("Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
                    }
                    List b2 = a5.b();
                    Iterator it = b2.iterator();
                    while (it.hasNext()) {
                        ((PKIXCertPathChecker) it.next()).init(false);
                        i6 = i6;
                    }
                    int i10 = i6;
                    int i11 = i8;
                    PublicKey publicKey = cAPublicKey;
                    X509Certificate x509Certificate2 = null;
                    int i12 = i9;
                    X500Name x500Name = a2;
                    int size2 = certificates.size() - 1;
                    int i13 = size;
                    X509Certificate x509Certificate3 = trustedCert;
                    PKIXPolicyNode pKIXPolicyNode2 = pKIXPolicyNode;
                    int i14 = i10;
                    while (size2 >= 0) {
                        int i15 = size - size2;
                        Set set = f;
                        X509Certificate x509Certificate4 = (X509Certificate) certificates.get(size2);
                        int i16 = i13;
                        boolean z = size2 == certificates.size() + (-1);
                        try {
                            a(x509Certificate4);
                            List<? extends Certificate> list3 = certificates;
                            int i17 = i12;
                            PKIXExtendedParameters pKIXExtendedParameters2 = a5;
                            ?? r0 = i11;
                            boolean z2 = z;
                            int i18 = i14;
                            TrustAnchor trustAnchor = a4;
                            int i19 = size2;
                            ?? r13 = pKIXNameConstraintValidator;
                            i.a(certPath, a5, size2, publicKey, z2, x500Name, x509Certificate3, this.f2634a);
                            i.a(certPath, i19, (PKIXNameConstraintValidator) r13, this.f2635b);
                            PKIXPolicyNode a6 = i.a(certPath, i19, i.a(certPath, i19, hashSet4, pKIXPolicyNode2, arrayListArr, i17, this.f2635b));
                            i.a(certPath, i19, a6, (int) r0);
                            if (z2 == size) {
                                i = i17;
                                list2 = r0;
                                i2 = i16;
                                i3 = i18;
                                x509Certificate = r13;
                            } else {
                                if (r13 != 0 && r13.getVersion() == 1) {
                                    if (z2) {
                                        x509Certificate = r13;
                                        if (x509Certificate.equals(trustAnchor.getTrustedCert())) {
                                            i = i17;
                                            list2 = r0;
                                            i2 = i16;
                                            i3 = i18;
                                        }
                                    }
                                    throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, i19);
                                }
                                x509Certificate = r13;
                                i.a(certPath, i19);
                                PKIXPolicyNode a7 = i.a(certPath, i19, arrayListArr, a6, i18);
                                i.a(certPath, i19, (PKIXNameConstraintValidator) r13);
                                int a8 = i.a(certPath, i19, (int) r0);
                                int b3 = i.b(certPath, i19, i18);
                                int c2 = i.c(certPath, i19, i17);
                                ?? d2 = i.d(certPath, i19, a8);
                                int e2 = i.e(certPath, i19, b3);
                                i.f(certPath, i19, c2);
                                i.b(certPath, i19);
                                int h = i.h(certPath, i19, i.g(certPath, i19, i16));
                                i.c(certPath, i19);
                                Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
                                if (criticalExtensionOIDs != null) {
                                    hashSet2 = new HashSet(criticalExtensionOIDs);
                                    hashSet2.remove(i.n);
                                    hashSet2.remove(i.f2681b);
                                    hashSet2.remove(i.f2682c);
                                    hashSet2.remove(i.f2683d);
                                    hashSet2.remove(i.e);
                                    hashSet2.remove(i.g);
                                    hashSet2.remove(i.h);
                                    hashSet2.remove(i.i);
                                    hashSet2.remove(i.k);
                                    hashSet2.remove(i.l);
                                } else {
                                    hashSet2 = new HashSet();
                                }
                                list2 = d2;
                                i.a(certPath, i19, hashSet2, list2);
                                X500Name b4 = h.b(x509Certificate);
                                try {
                                    PublicKey a9 = c.a(certPath.getCertificates(), i19, this.f2634a);
                                    AlgorithmIdentifier a10 = c.a(a9);
                                    a10.h();
                                    a10.i();
                                    pKIXPolicyNode2 = a7;
                                    x509Certificate3 = x509Certificate;
                                    i13 = h;
                                    x500Name = b4;
                                    publicKey = a9;
                                    i11 = d2;
                                    i4 = e2;
                                    i12 = i11;
                                    size2 = i19 - 1;
                                    x509Certificate2 = x509Certificate;
                                    b2 = list2;
                                    pKIXNameConstraintValidator = r13;
                                    a4 = trustAnchor;
                                    certificates = list3;
                                    f = set;
                                    i14 = i4;
                                    a5 = pKIXExtendedParameters2;
                                } catch (CertPathValidatorException e3) {
                                    throw new CertPathValidatorException("Next working key could not be retrieved.", e3, certPath, i19);
                                }
                            }
                            i11 = r0;
                            pKIXPolicyNode2 = a6;
                            i4 = i3;
                            i13 = i2;
                            i12 = i;
                            size2 = i19 - 1;
                            x509Certificate2 = x509Certificate;
                            b2 = list2;
                            pKIXNameConstraintValidator = r13;
                            a4 = trustAnchor;
                            certificates = list3;
                            f = set;
                            i14 = i4;
                            a5 = pKIXExtendedParameters2;
                        } catch (AnnotatedException e4) {
                            throw new CertPathValidatorException(e4.getMessage(), e4.b(), certPath, size2);
                        }
                    }
                    PKIXExtendedParameters pKIXExtendedParameters3 = a5;
                    List list4 = b2;
                    Set set2 = f;
                    TrustAnchor trustAnchor2 = a4;
                    int i20 = size2;
                    int a11 = i.a(i11, x509Certificate2);
                    int i21 = i20 + 1;
                    int i22 = i.i(certPath, i21, a11);
                    Set<String> criticalExtensionOIDs2 = x509Certificate2.getCriticalExtensionOIDs();
                    if (criticalExtensionOIDs2 != null) {
                        hashSet = new HashSet(criticalExtensionOIDs2);
                        hashSet.remove(i.n);
                        hashSet.remove(i.f2681b);
                        hashSet.remove(i.f2682c);
                        hashSet.remove(i.f2683d);
                        hashSet.remove(i.e);
                        hashSet.remove(i.g);
                        hashSet.remove(i.h);
                        hashSet.remove(i.i);
                        hashSet.remove(i.k);
                        hashSet.remove(i.l);
                        hashSet.remove(i.j);
                        hashSet.remove(Extension.S5.l());
                    } else {
                        hashSet = new HashSet();
                    }
                    i.a(certPath, i21, list4, hashSet);
                    X509Certificate x509Certificate5 = x509Certificate2;
                    PKIXPolicyNode a12 = i.a(certPath, pKIXExtendedParameters3, set2, i21, arrayListArr, pKIXPolicyNode2, hashSet4);
                    if (i22 > 0 || a12 != null) {
                        return new PKIXCertPathValidatorResult(trustAnchor2, a12, x509Certificate5.getPublicKey());
                    }
                    throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, i20);
                } catch (CertPathValidatorException e5) {
                    throw new ExtCertPathValidatorException("Algorithm identifier of public key of trust anchor could not be read.", e5, certPath, -1);
                }
            } catch (RuntimeException e6) {
                throw new ExtCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", e6, certPath, i5);
            }
        } catch (AnnotatedException e7) {
            e = e7;
            list = certificates;
        }
    }
}
