package org.jscep.client.inspect;

import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import kotlin.ArrayDecoders;
import kotlin.checkRecursionLimit;

/* loaded from: classes4.dex */
public abstract class AbstractCertStoreInspector implements CertStoreInspector {
    static final checkRecursionLimit LOGGER = ArrayDecoders.getCallback(AbstractCertStoreInspector.class);
    protected X509Certificate issuer;
    protected X509Certificate recipient;
    protected X509Certificate signer;
    protected final CertStore store;

    public AbstractCertStoreInspector(CertStore certStore) {
        this.store = certStore;
        try {
            inspect();
        } catch (CertStoreException e) {
            throw new RuntimeException(e);
        }
    }

    private void inspect() throws CertStoreException {
        Collection<? extends Certificate> certificates = this.store.getCertificates(null);
        LOGGER.onError("CertStore contains {} certificate(s):", Integer.valueOf(certificates.size()));
        Iterator<? extends Certificate> it = certificates.iterator();
        int i = 0;
        while (it.hasNext()) {
            X509Certificate x509Certificate = (X509Certificate) it.next();
            i++;
            LOGGER.getExtras("{}. '[dn={}; serial={}]'", Integer.valueOf(i), x509Certificate.getSubjectX500Principal(), x509Certificate.getSerialNumber());
        }
        checkRecursionLimit checkrecursionlimit = LOGGER;
        checkrecursionlimit.WindowInsetsCompatImpl29ExternalSyntheticApiModelOutline3("Looking for recipient entity");
        X509Certificate selectCertificate = selectCertificate(this.store, getRecipientSelectors());
        this.recipient = selectCertificate;
        checkrecursionlimit.INotificationSideChannelDefault("Using [dn={}; serial={}] for recipient entity", selectCertificate.getSubjectX500Principal(), this.recipient.getSerialNumber());
        checkrecursionlimit.WindowInsetsCompatImpl29ExternalSyntheticApiModelOutline3("Looking for message signing entity");
        X509Certificate selectCertificate2 = selectCertificate(this.store, getSignerSelectors());
        this.signer = selectCertificate2;
        checkrecursionlimit.INotificationSideChannelDefault("Using [dn={}; serial={}] for message signing entity", selectCertificate2.getSubjectX500Principal(), this.signer.getSerialNumber());
        checkrecursionlimit.WindowInsetsCompatImpl29ExternalSyntheticApiModelOutline3("Looking for issuing entity");
        X509Certificate selectCertificate3 = selectCertificate(this.store, getIssuerSelectors(this.recipient.getIssuerX500Principal().getEncoded()));
        this.issuer = selectCertificate3;
        checkrecursionlimit.INotificationSideChannelDefault("Using [dn={}; serial={}] for issuing entity", selectCertificate3.getSubjectX500Principal(), this.issuer.getSerialNumber());
    }

    @Override // org.jscep.client.inspect.CertStoreInspector
    public final X509Certificate getIssuer() {
        return this.issuer;
    }

    protected abstract Collection<X509CertSelector> getIssuerSelectors(byte[] bArr);

    @Override // org.jscep.client.inspect.CertStoreInspector
    public final X509Certificate getRecipient() {
        return this.recipient;
    }

    protected abstract Collection<X509CertSelector> getRecipientSelectors();

    @Override // org.jscep.client.inspect.CertStoreInspector
    public final X509Certificate getSigner() {
        return this.signer;
    }

    protected abstract Collection<X509CertSelector> getSignerSelectors();

    X509Certificate selectCertificate(CertStore certStore, Collection<X509CertSelector> collection) throws CertStoreException {
        for (X509CertSelector x509CertSelector : collection) {
            checkRecursionLimit checkrecursionlimit = LOGGER;
            checkrecursionlimit.onError("Selecting certificate using {}", x509CertSelector);
            Collection<? extends Certificate> certificates = certStore.getCertificates(x509CertSelector);
            if (certificates.size() > 0) {
                checkrecursionlimit.INotificationSideChannelDefault("Selected {} certificate(s) using {}", Integer.valueOf(certificates.size()), x509CertSelector);
                return (X509Certificate) certificates.iterator().next();
            }
            checkrecursionlimit.WindowInsetsCompatImpl29ExternalSyntheticApiModelOutline3("No certificates selected");
        }
        return (X509Certificate) certStore.getCertificates(null).iterator().next();
    }
}
