package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.C4260y;
import org.bouncycastle.jcajce.o;
import org.bouncycastle.jcajce.p;
import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
import org.bouncycastle.util.StoreException;

/* loaded from: classes3.dex */
public class A extends CertPathBuilderSpi {

    /* renamed from: a, reason: collision with root package name */
    public AnnotatedException f62714a;

    public final CertPathBuilderResult a(X509Certificate x509Certificate, org.bouncycastle.jcajce.p pVar, ArrayList arrayList) {
        HashSet hashSet;
        CertPathBuilderResult certPathBuilderResult = null;
        if (arrayList.contains(x509Certificate)) {
            return null;
        }
        org.bouncycastle.jcajce.q qVar = pVar.f62234a;
        if (pVar.f62235b.contains(x509Certificate)) {
            return null;
        }
        int i8 = pVar.f62236c;
        if (i8 != -1 && arrayList.size() - 1 > i8) {
            return null;
        }
        arrayList.add(x509Certificate);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", C4579b.f62788a);
            CertPathValidator certPathValidator = CertPathValidator.getInstance("RFC3281", C4579b.f62788a);
            try {
                Set set = qVar.f62625k;
                PKIXParameters pKIXParameters = qVar.f62615a;
                try {
                    if (C4584g.c(x509Certificate, set, pKIXParameters.getSigProvider()) != null) {
                        try {
                            CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
                            try {
                                PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(generateCertPath, pVar);
                                return new PKIXCertPathBuilderResult(generateCertPath, pKIXCertPathValidatorResult.getTrustAnchor(), pKIXCertPathValidatorResult.getPolicyTree(), pKIXCertPathValidatorResult.getPublicKey());
                            } catch (Exception e8) {
                                throw new AnnotatedException("Certification path could not be validated.", e8);
                            }
                        } catch (Exception e9) {
                            throw new AnnotatedException("Certification path could not be constructed from certificate list.", e9);
                        }
                    }
                } catch (Exception unused) {
                }
                ArrayList arrayList2 = new ArrayList();
                arrayList2.addAll(qVar.f62618d);
                try {
                    arrayList2.addAll(C4584g.d(x509Certificate.getExtensionValue(C4260y.f60379i.f59859a), qVar.f62619e));
                    hashSet = new HashSet();
                    try {
                        hashSet.addAll(C4584g.b(x509Certificate, pKIXParameters.getCertStores(), arrayList2));
                    } catch (AnnotatedException e10) {
                        throw new AnnotatedException("Cannot find issuer certificate for certificate in certification path.", e10);
                    }
                } catch (CertificateParsingException e11) {
                    throw new AnnotatedException("No additional X.509 stores can be added from certificate locations.", e11);
                }
            } catch (AnnotatedException e12) {
                this.f62714a = new AnnotatedException("No valid certification path could be build.", e12);
            }
            if (hashSet.isEmpty()) {
                throw new AnnotatedException("No issuer certificate for certificate in certification path found.", null);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext() && certPathBuilderResult == null) {
                X509Certificate x509Certificate2 = (X509Certificate) it.next();
                if (!x509Certificate2.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                    certPathBuilderResult = a(x509Certificate2, pVar, arrayList);
                }
            }
            if (certPathBuilderResult == null) {
                arrayList.remove(x509Certificate);
            }
            return certPathBuilderResult;
        } catch (Exception unused2) {
            throw new RuntimeException("Exception creating support classes.");
        }
    }

    @Override // java.security.cert.CertPathBuilderSpi
    public final CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) {
        org.bouncycastle.jcajce.p pVar;
        boolean z8 = certPathParameters instanceof PKIXBuilderParameters;
        if (!z8 && !(certPathParameters instanceof org.bouncycastle.x509.f) && !(certPathParameters instanceof org.bouncycastle.jcajce.p)) {
            throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + org.bouncycastle.jcajce.p.class.getName() + ".");
        }
        List arrayList = new ArrayList();
        if (z8) {
            p.b bVar = new p.b((PKIXBuilderParameters) certPathParameters);
            if (certPathParameters instanceof org.bouncycastle.x509.g) {
                org.bouncycastle.x509.f fVar = (org.bouncycastle.x509.f) certPathParameters;
                bVar.f62239c.addAll(Collections.unmodifiableSet(fVar.f63734m));
                int i8 = fVar.f63733l;
                if (i8 < -1) {
                    throw new InvalidParameterException("The maximum path length parameter can not be less than -1.");
                }
                bVar.f62238b = i8;
                arrayList = Collections.unmodifiableList(new ArrayList(fVar.f63737a));
            }
            pVar = new org.bouncycastle.jcajce.p(bVar);
        } else {
            pVar = (org.bouncycastle.jcajce.p) certPathParameters;
        }
        ArrayList arrayList2 = new ArrayList();
        org.bouncycastle.jcajce.q qVar = pVar.f62234a;
        Cloneable cloneable = qVar.f62616b;
        if (!(cloneable instanceof org.bouncycastle.x509.l)) {
            throw new CertPathBuilderException("TargetConstraints must be an instance of " + org.bouncycastle.x509.l.class.getName() + " for " + getClass().getName() + " class.");
        }
        try {
            org.bouncycastle.x509.l lVar = (org.bouncycastle.x509.l) cloneable;
            HashSet hashSet = new HashSet();
            for (Object obj : arrayList) {
                if (obj instanceof org.bouncycastle.util.p) {
                    try {
                        hashSet.addAll(((org.bouncycastle.util.p) obj).b(lVar));
                    } catch (StoreException e8) {
                        throw new AnnotatedException("Problem while picking certificates from X.509 store.", e8);
                    }
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathBuilderException("No attribute certificate found matching targetContraints.");
            }
            Iterator it = hashSet.iterator();
            CertPathBuilderResult certPathBuilderResult = null;
            while (it.hasNext() && certPathBuilderResult == null) {
                org.bouncycastle.x509.m mVar = (org.bouncycastle.x509.m) it.next();
                X509CertSelector x509CertSelector = new X509CertSelector();
                Principal[] a8 = mVar.i().a();
                HashSet hashSet2 = new HashSet();
                for (Principal principal : a8) {
                    try {
                        if (principal instanceof X500Principal) {
                            x509CertSelector.setSubject(((X500Principal) principal).getEncoded());
                        }
                        org.bouncycastle.jcajce.o a9 = new o.b(x509CertSelector).a();
                        hashSet2.addAll(C4584g.a(a9, qVar.f62615a.getCertStores()));
                        hashSet2.addAll(C4584g.a(a9, qVar.f62618d));
                    } catch (IOException e9) {
                        throw new ExtCertPathBuilderException("cannot encode X500Principal.", e9);
                    } catch (AnnotatedException e10) {
                        throw new ExtCertPathBuilderException("Public key certificate for attribute certificate cannot be searched.", e10);
                    }
                }
                if (hashSet2.isEmpty()) {
                    throw new CertPathBuilderException("Public key certificate for attribute certificate cannot be found.");
                }
                Iterator it2 = hashSet2.iterator();
                while (it2.hasNext() && certPathBuilderResult == null) {
                    certPathBuilderResult = a((X509Certificate) it2.next(), pVar, arrayList2);
                }
            }
            if (certPathBuilderResult == null && this.f62714a != null) {
                throw new ExtCertPathBuilderException("Possible certificate chain could not be validated.", this.f62714a);
            }
            if (certPathBuilderResult == null && this.f62714a == null) {
                throw new CertPathBuilderException("Unable to find certificate chain.");
            }
            return certPathBuilderResult;
        } catch (AnnotatedException e11) {
            throw new ExtCertPathBuilderException("Error finding target attribute certificate.", e11);
        }
    }
}
