package org.bouncycastle.jce.provider;

import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.jcajce.PKIXCertRevocationChecker;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.interfaces.BCX509Certificate;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.x509.ExtendedPKIXParameters;

/* loaded from: classes3.dex */
public class PKIXCertPathValidatorSpi_8 extends CertPathValidatorSpi {

    /* renamed from: a, reason: collision with root package name */
    private final JcaJceHelper f14782a;

    /* renamed from: b, reason: collision with root package name */
    private final boolean f14783b;

    public PKIXCertPathValidatorSpi_8() {
        this(false);
    }

    public PKIXCertPathValidatorSpi_8(boolean z) {
        this.f14782a = new BCJcaJceHelper();
        this.f14783b = z;
    }

    /* JADX WARN: Multi-variable type inference failed */
    static void a(X509Certificate x509Certificate) throws AnnotatedException {
        if (x509Certificate instanceof BCX509Certificate) {
            RuntimeException runtimeException = null;
            try {
                if (((BCX509Certificate) x509Certificate).getTBSCertificateNative() != null) {
                    return;
                }
            } catch (RuntimeException e) {
                runtimeException = e;
            }
            throw new AnnotatedException("unable to process TBSCertificate", runtimeException);
        }
        try {
            TBSCertificate.getInstance(x509Certificate.getTBSCertificate());
        } catch (IllegalArgumentException e2) {
            throw new AnnotatedException(e2.getMessage());
        } catch (CertificateEncodingException e3) {
            throw new AnnotatedException("unable to process TBSCertificate", e3);
        }
    }

    @Override // java.security.cert.CertPathValidatorSpi
    public PKIXCertPathChecker engineGetRevocationChecker() {
        return new l(this.f14782a);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v4 */
    /* JADX WARN: Type inference failed for: r3v6, types: [int] */
    /* JADX WARN: Type inference failed for: r3v8, types: [org.bouncycastle.asn1.x509.AlgorithmIdentifier] */
    /* JADX WARN: Type inference failed for: r5v16, types: [java.security.cert.PKIXCertPathChecker, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v4 */
    /* JADX WARN: Type inference failed for: r8v2, types: [boolean] */
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        PKIXExtendedParameters pKIXExtendedParameters;
        int i;
        List<? extends Certificate> list;
        X500Name a2;
        PublicKey cAPublicKey;
        HashSet hashSet;
        int i2;
        ArrayList arrayList;
        int i3;
        HashSet hashSet2;
        if (certPathParameters instanceof PKIXParameters) {
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder((PKIXParameters) certPathParameters);
            if (certPathParameters instanceof ExtendedPKIXParameters) {
                ExtendedPKIXParameters extendedPKIXParameters = (ExtendedPKIXParameters) certPathParameters;
                builder.setUseDeltasEnabled(extendedPKIXParameters.isUseDeltasEnabled());
                builder.setValidityModel(extendedPKIXParameters.getValidityModel());
            }
            pKIXExtendedParameters = builder.build();
        } else if (certPathParameters instanceof PKIXExtendedBuilderParameters) {
            pKIXExtendedParameters = ((PKIXExtendedBuilderParameters) certPathParameters).getBaseParameters();
        } else {
            if (!(certPathParameters instanceof PKIXExtendedParameters)) {
                throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() + " instance.");
            }
            pKIXExtendedParameters = (PKIXExtendedParameters) certPathParameters;
        }
        if (pKIXExtendedParameters.getTrustAnchors() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for certification path validation.");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        ?? r3 = -1;
        if (certificates.isEmpty()) {
            throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1);
        }
        Date s = b.s(pKIXExtendedParameters, new Date());
        Set initialPolicies = pKIXExtendedParameters.getInitialPolicies();
        try {
            TrustAnchor e = b.e((X509Certificate) certificates.get(certificates.size() - 1), pKIXExtendedParameters.getTrustAnchors(), pKIXExtendedParameters.getSigProvider());
            if (e == null) {
                i = 1;
                list = certificates;
                try {
                    throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
                } catch (AnnotatedException e2) {
                    e = e2;
                    throw new CertPathValidatorException(e.getMessage(), e.a(), certPath, list.size() - i);
                }
            }
            a(e.getTrustedCert());
            PKIXExtendedParameters build = new PKIXExtendedParameters.Builder(pKIXExtendedParameters).setTrustAnchor(e).build();
            ArrayList arrayList2 = new ArrayList();
            PKIXCertRevocationChecker pKIXCertRevocationChecker = null;
            for (?? r5 : build.getCertPathCheckers()) {
                r5.init(false);
                if (!(r5 instanceof PKIXRevocationChecker)) {
                    arrayList2.add(r5);
                } else {
                    if (pKIXCertRevocationChecker != null) {
                        throw new CertPathValidatorException("only one PKIXRevocationChecker allowed");
                    }
                    pKIXCertRevocationChecker = r5 instanceof PKIXCertRevocationChecker ? (PKIXCertRevocationChecker) r5 : new q(r5);
                }
            }
            if (build.isRevocationEnabled() && pKIXCertRevocationChecker == null) {
                pKIXCertRevocationChecker = new l(this.f14782a);
            }
            PKIXCertRevocationChecker pKIXCertRevocationChecker2 = pKIXCertRevocationChecker;
            int i4 = size + 1;
            ArrayList[] arrayListArr = new ArrayList[i4];
            for (int i5 = 0; i5 < i4; i5++) {
                arrayListArr[i5] = new ArrayList();
            }
            HashSet hashSet3 = new HashSet();
            hashSet3.add("2.5.29.32.0");
            arrayListArr[0].add(new PKIXPolicyNode(new ArrayList(), 0, hashSet3, null, new HashSet(), "2.5.29.32.0", false));
            PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
            HashSet hashSet4 = new HashSet();
            int i6 = build.isExplicitPolicyRequired() ? 0 : i4;
            int i7 = build.isAnyPolicyInhibited() ? 0 : i4;
            if (build.isPolicyMappingInhibited()) {
                i4 = 0;
            }
            X509Certificate trustedCert = e.getTrustedCert();
            try {
                if (trustedCert != null) {
                    a2 = i.f(trustedCert);
                    cAPublicKey = trustedCert.getPublicKey();
                } else {
                    a2 = i.a(e);
                    cAPublicKey = e.getCAPublicKey();
                }
                try {
                    r3 = b.h(cAPublicKey);
                    r3.getAlgorithm();
                    r3.getParameters();
                    if (build.getTargetConstraints() != null && !build.getTargetConstraints().match((Certificate) certificates.get(0))) {
                        throw new ExtCertPathValidatorException("Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
                    }
                    int i8 = 1;
                    int size2 = certificates.size() - 1;
                    int i9 = size;
                    X509Certificate x509Certificate = null;
                    int i10 = i7;
                    ?? r52 = i4;
                    int i11 = i6;
                    PKIXPolicyNode pKIXPolicyNode = r52;
                    int i12 = r52;
                    while (size2 >= 0) {
                        int i13 = size - size2;
                        int i14 = size;
                        X509Certificate x509Certificate2 = (X509Certificate) certificates.get(size2);
                        int i15 = size2 == certificates.size() + (-1) ? i8 : 0;
                        try {
                            a(x509Certificate2);
                            int i16 = size2;
                            List<? extends Certificate> list2 = certificates;
                            PKIXNameConstraintValidator pKIXNameConstraintValidator2 = pKIXNameConstraintValidator;
                            Date date = s;
                            ArrayList[] arrayListArr2 = arrayListArr;
                            PKIXExtendedParameters pKIXExtendedParameters2 = build;
                            int i17 = i11;
                            ArrayList arrayList3 = arrayList2;
                            ?? r8 = i15;
                            TrustAnchor trustAnchor = e;
                            int i18 = i8;
                            m.z(certPath, build, s, pKIXCertRevocationChecker2, i16, cAPublicKey, r8, a2, trustedCert);
                            m.A(certPath, i16, pKIXNameConstraintValidator2, this.f14783b);
                            PKIXPolicyNode C = m.C(certPath, i16, m.B(certPath, i16, hashSet4, pKIXPolicyNode, arrayListArr2, i10, this.f14783b));
                            m.D(certPath, i16, C, i17);
                            if (i13 != i14) {
                                if (x509Certificate2 == null || x509Certificate2.getVersion() != i18) {
                                    m.d(certPath, i16);
                                    arrayListArr = arrayListArr2;
                                    PKIXPolicyNode c2 = m.c(certPath, i16, arrayListArr, C, i18);
                                    m.e(certPath, i16, pKIXNameConstraintValidator2);
                                    int f = m.f(certPath, i16, i17);
                                    int g = m.g(certPath, i16, i18);
                                    int h = m.h(certPath, i16, i10);
                                    i17 = m.i(certPath, i16, f);
                                    i3 = m.j(certPath, i16, g);
                                    i2 = m.k(certPath, i16, h);
                                    m.l(certPath, i16);
                                    i9 = m.n(certPath, i16, m.m(certPath, i16, i9));
                                    m.o(certPath, i16);
                                    Set<String> criticalExtensionOIDs = x509Certificate2.getCriticalExtensionOIDs();
                                    if (criticalExtensionOIDs != null) {
                                        hashSet2 = new HashSet(criticalExtensionOIDs);
                                        hashSet2.remove(m.m);
                                        hashSet2.remove(m.f14841b);
                                        hashSet2.remove(m.f14842c);
                                        hashSet2.remove(m.d);
                                        hashSet2.remove(m.e);
                                        hashSet2.remove(m.f);
                                        hashSet2.remove(m.g);
                                        hashSet2.remove(m.h);
                                        hashSet2.remove(m.j);
                                        hashSet2.remove(m.k);
                                    } else {
                                        hashSet2 = new HashSet();
                                    }
                                    arrayList = arrayList3;
                                    m.p(certPath, i16, hashSet2, arrayList);
                                    X500Name f2 = i.f(x509Certificate2);
                                    try {
                                        PublicKey n = b.n(certPath.getCertificates(), i16, this.f14782a);
                                        AlgorithmIdentifier h2 = b.h(n);
                                        h2.getAlgorithm();
                                        h2.getParameters();
                                        pKIXPolicyNode = c2;
                                        a2 = f2;
                                        cAPublicKey = n;
                                        trustedCert = x509Certificate2;
                                        i11 = i17;
                                        i10 = i2;
                                        arrayList2 = arrayList;
                                        i8 = i18;
                                        e = trustAnchor;
                                        s = date;
                                        i12 = i3;
                                        pKIXNameConstraintValidator = pKIXNameConstraintValidator2;
                                        x509Certificate = x509Certificate2;
                                        certificates = list2;
                                        size = i14;
                                        size2 = i16 - 1;
                                        build = pKIXExtendedParameters2;
                                    } catch (CertPathValidatorException e3) {
                                        throw new CertPathValidatorException("Next working key could not be retrieved.", e3, certPath, i16);
                                    }
                                } else if (i13 != i18 || !x509Certificate2.equals(trustAnchor.getTrustedCert())) {
                                    throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, i16);
                                }
                            }
                            i2 = i10;
                            arrayListArr = arrayListArr2;
                            arrayList = arrayList3;
                            i3 = i18;
                            pKIXPolicyNode = C;
                            i9 = i9;
                            i11 = i17;
                            i10 = i2;
                            arrayList2 = arrayList;
                            i8 = i18;
                            e = trustAnchor;
                            s = date;
                            i12 = i3;
                            pKIXNameConstraintValidator = pKIXNameConstraintValidator2;
                            x509Certificate = x509Certificate2;
                            certificates = list2;
                            size = i14;
                            size2 = i16 - 1;
                            build = pKIXExtendedParameters2;
                        } catch (AnnotatedException e4) {
                            throw new CertPathValidatorException(e4.getMessage(), e4.a(), certPath, size2);
                        }
                    }
                    PKIXExtendedParameters pKIXExtendedParameters3 = build;
                    ArrayList arrayList4 = arrayList2;
                    TrustAnchor trustAnchor2 = e;
                    X509Certificate x509Certificate3 = x509Certificate;
                    int i19 = size2;
                    int i20 = i19 + 1;
                    int F = m.F(certPath, i20, m.E(i11, x509Certificate3));
                    Set<String> criticalExtensionOIDs2 = x509Certificate3.getCriticalExtensionOIDs();
                    if (criticalExtensionOIDs2 != null) {
                        hashSet = new HashSet(criticalExtensionOIDs2);
                        hashSet.remove(m.m);
                        hashSet.remove(m.f14841b);
                        hashSet.remove(m.f14842c);
                        hashSet.remove(m.d);
                        hashSet.remove(m.e);
                        hashSet.remove(m.f);
                        hashSet.remove(m.g);
                        hashSet.remove(m.h);
                        hashSet.remove(m.j);
                        hashSet.remove(m.k);
                        hashSet.remove(m.i);
                        hashSet.remove(Extension.extendedKeyUsage.getId());
                    } else {
                        hashSet = new HashSet();
                    }
                    m.G(certPath, i20, arrayList4, hashSet);
                    PKIXPolicyNode H = m.H(certPath, pKIXExtendedParameters3, initialPolicies, i20, arrayListArr, pKIXPolicyNode, hashSet4);
                    if (F > 0 || H != null) {
                        return new PKIXCertPathValidatorResult(trustAnchor2, H, x509Certificate3.getPublicKey());
                    }
                    throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, i19);
                } catch (CertPathValidatorException e5) {
                    throw new ExtCertPathValidatorException("Algorithm identifier of public key of trust anchor could not be read.", e5, certPath, -1);
                }
            } catch (RuntimeException e6) {
                throw new ExtCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", e6, certPath, r3);
            }
        } catch (AnnotatedException e7) {
            e = e7;
            i = 1;
            list = certificates;
        }
    }
}
