package org.bouncycastle.jce.provider;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.jcajce.PKIXCertStore;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;

/* loaded from: classes.dex */
public class PKIXCertPathBuilderSpi extends CertPathBuilderSpi {

    /* renamed from: a, reason: collision with root package name */
    public final boolean f15644a;

    /* renamed from: b, reason: collision with root package name */
    public AnnotatedException f15645b;

    public PKIXCertPathBuilderSpi() {
        this(false);
    }

    public PKIXCertPathBuilderSpi(boolean z3) {
        this.f15644a = z3;
    }

    public final CertPathBuilderResult a(X509Certificate x509Certificate, PKIXExtendedBuilderParameters pKIXExtendedBuilderParameters, ArrayList arrayList) {
        PKIXParameters pKIXParameters;
        ArrayList arrayList2;
        CertPathBuilderResult certPathBuilderResult = null;
        if (arrayList.contains(x509Certificate)) {
            return null;
        }
        PKIXExtendedParameters pKIXExtendedParameters = pKIXExtendedBuilderParameters.f14976a;
        if (pKIXExtendedBuilderParameters.f14977b.contains(x509Certificate)) {
            return null;
        }
        int i8 = pKIXExtendedBuilderParameters.f14978c;
        if (i8 != -1 && arrayList.size() - 1 > i8) {
            return null;
        }
        arrayList.add(x509Certificate);
        try {
            CertificateFactory certificateFactory = new CertificateFactory();
            PKIXCertPathValidatorSpi pKIXCertPathValidatorSpi = new PKIXCertPathValidatorSpi(this.f15644a);
            try {
                Set set = pKIXExtendedParameters.k;
                pKIXParameters = pKIXExtendedParameters.f14982a;
                try {
                    if (CertPathValidatorUtilities.c(x509Certificate, set, pKIXParameters.getSigProvider()) != null) {
                        try {
                            CertPath engineGenerateCertPath = certificateFactory.engineGenerateCertPath(arrayList);
                            try {
                                PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) pKIXCertPathValidatorSpi.engineValidate(engineGenerateCertPath, pKIXExtendedBuilderParameters);
                                return new PKIXCertPathBuilderResult(engineGenerateCertPath, pKIXCertPathValidatorResult.getTrustAnchor(), pKIXCertPathValidatorResult.getPolicyTree(), pKIXCertPathValidatorResult.getPublicKey());
                            } catch (Exception e5) {
                                throw new AnnotatedException("Certification path could not be validated.", e5);
                            }
                        } catch (Exception e8) {
                            throw new AnnotatedException("Certification path could not be constructed from certificate list.", e8);
                        }
                    }
                } catch (Exception unused) {
                }
                arrayList2 = new ArrayList();
                arrayList2.addAll(pKIXExtendedParameters.f14985d);
            } catch (AnnotatedException e9) {
                this.f15645b = e9;
            }
            try {
                arrayList2.addAll(CertPathValidatorUtilities.d(x509Certificate.getExtensionValue(Extension.f13419f.f12719a), pKIXExtendedParameters.f14986e));
                HashSet hashSet = new HashSet();
                try {
                    hashSet.addAll(CertPathValidatorUtilities.b(x509Certificate, pKIXParameters.getCertStores(), arrayList2));
                    if (hashSet.isEmpty()) {
                        throw new AnnotatedException("No issuer certificate for certificate in certification path found.", null);
                    }
                    Iterator it = hashSet.iterator();
                    while (it.hasNext() && certPathBuilderResult == null) {
                        certPathBuilderResult = a((X509Certificate) it.next(), pKIXExtendedBuilderParameters, arrayList);
                    }
                    if (certPathBuilderResult == null) {
                        arrayList.remove(x509Certificate);
                    }
                    return certPathBuilderResult;
                } catch (AnnotatedException e10) {
                    throw new AnnotatedException("Cannot find issuer certificate for certificate in certification path.", e10);
                }
            } catch (CertificateParsingException e11) {
                throw new AnnotatedException("No additional X.509 stores can be added from certificate locations.", e11);
            }
        } catch (Exception unused2) {
            throw new RuntimeException("Exception creating support classes.");
        }
    }

    @Override // java.security.cert.CertPathBuilderSpi
    public final CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) {
        PKIXExtendedBuilderParameters pKIXExtendedBuilderParameters;
        PKIXExtendedBuilderParameters.Builder builder;
        if (certPathParameters instanceof PKIXBuilderParameters) {
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) certPathParameters;
            PKIXExtendedParameters.Builder builder2 = new PKIXExtendedParameters.Builder(pKIXBuilderParameters);
            if (certPathParameters instanceof ExtendedPKIXParameters) {
                ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters = (ExtendedPKIXBuilderParameters) certPathParameters;
                Iterator it = Collections.unmodifiableList(extendedPKIXBuilderParameters.f16749c).iterator();
                while (it.hasNext()) {
                    builder2.f14994d.add((PKIXCertStore) it.next());
                }
                builder = new PKIXExtendedBuilderParameters.Builder(new PKIXExtendedParameters(builder2));
                builder.f14981c.addAll(Collections.unmodifiableSet(extendedPKIXBuilderParameters.k));
                int i8 = extendedPKIXBuilderParameters.j;
                if (i8 < -1) {
                    throw new InvalidParameterException("The maximum path length parameter can not be less than -1.");
                }
                builder.f14980b = i8;
            } else {
                builder = new PKIXExtendedBuilderParameters.Builder(pKIXBuilderParameters);
            }
            pKIXExtendedBuilderParameters = new PKIXExtendedBuilderParameters(builder);
        } else {
            if (!(certPathParameters instanceof PKIXExtendedBuilderParameters)) {
                throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + PKIXExtendedBuilderParameters.class.getName() + ".");
            }
            pKIXExtendedBuilderParameters = (PKIXExtendedBuilderParameters) certPathParameters;
        }
        ArrayList arrayList = new ArrayList();
        PKIXExtendedParameters pKIXExtendedParameters = pKIXExtendedBuilderParameters.f14976a;
        PKIXCertStoreSelector pKIXCertStoreSelector = pKIXExtendedParameters.f14983b;
        try {
            LinkedHashSet a3 = CertPathValidatorUtilities.a(pKIXCertStoreSelector, pKIXExtendedParameters.f14985d);
            a3.addAll(CertPathValidatorUtilities.a(pKIXCertStoreSelector, pKIXExtendedBuilderParameters.f14976a.f14982a.getCertStores()));
            if (a3.isEmpty()) {
                throw new CertPathBuilderException("No certificate found matching targetConstraints.");
            }
            Iterator it2 = a3.iterator();
            CertPathBuilderResult certPathBuilderResult = null;
            while (it2.hasNext() && certPathBuilderResult == null) {
                certPathBuilderResult = a((X509Certificate) it2.next(), pKIXExtendedBuilderParameters, arrayList);
            }
            if (certPathBuilderResult == null && this.f15645b != null) {
                throw new CertPathBuilderException(this.f15645b.getMessage(), this.f15645b.getCause());
            }
            if (certPathBuilderResult == null && this.f15645b == null) {
                throw new CertPathBuilderException("Unable to find certificate chain.");
            }
            return certPathBuilderResult;
        } catch (AnnotatedException e5) {
            throw new ExtCertPathBuilderException("Error finding target certificate.", e5);
        }
    }
}
