package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.X509AttributeCertStoreSelector;
import org.bouncycastle.x509.X509AttributeCertificate;

/* loaded from: classes3.dex */
public class PKIXAttrCertPathBuilderSpi extends CertPathBuilderSpi {

    /* renamed from: a, reason: collision with root package name */
    public AnnotatedException f26942a;

    public final CertPathBuilderResult a(X509Certificate x509Certificate, PKIXExtendedBuilderParameters pKIXExtendedBuilderParameters, ArrayList arrayList) {
        HashSet hashSet;
        CertPathBuilderResult certPathBuilderResult = null;
        if (arrayList.contains(x509Certificate) || pKIXExtendedBuilderParameters.b.contains(x509Certificate)) {
            return null;
        }
        int i = pKIXExtendedBuilderParameters.f26597c;
        if (i != -1 && arrayList.size() - 1 > i) {
            return null;
        }
        arrayList.add(x509Certificate);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            CertPathValidator certPathValidator = CertPathValidator.getInstance("RFC3281", "BC");
            try {
                PKIXExtendedParameters pKIXExtendedParameters = pKIXExtendedBuilderParameters.f26596a;
                Set set = pKIXExtendedParameters.Y;
                PKIXParameters pKIXParameters = pKIXExtendedParameters.f26600a;
                try {
                    if (CertPathValidatorUtilities.d(x509Certificate, set, pKIXParameters.getSigProvider()) != null) {
                        try {
                            CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
                            try {
                                PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(generateCertPath, pKIXExtendedBuilderParameters);
                                return new PKIXCertPathBuilderResult(generateCertPath, pKIXCertPathValidatorResult.getTrustAnchor(), pKIXCertPathValidatorResult.getPolicyTree(), pKIXCertPathValidatorResult.getPublicKey());
                            } catch (Exception e2) {
                                throw new AnnotatedException(e2, "Certification path could not be validated.");
                            }
                        } catch (Exception e3) {
                            throw new AnnotatedException(e3, "Certification path could not be constructed from certificate list.");
                        }
                    }
                } catch (Exception unused) {
                }
                ArrayList arrayList2 = new ArrayList();
                arrayList2.addAll(pKIXExtendedParameters.f26602e);
                try {
                    arrayList2.addAll(CertPathValidatorUtilities.e(x509Certificate.getExtensionValue(Extension.f26030f.f25661a), pKIXExtendedParameters.f26603f));
                    hashSet = new HashSet();
                    try {
                        hashSet.addAll(CertPathValidatorUtilities.b(x509Certificate, pKIXParameters.getCertStores(), arrayList2));
                    } catch (AnnotatedException e4) {
                        throw new AnnotatedException(e4, "Cannot find issuer certificate for certificate in certification path.");
                    }
                } catch (CertificateParsingException e5) {
                    throw new AnnotatedException(e5, "No additional X.509 stores can be added from certificate locations.");
                }
            } catch (AnnotatedException e6) {
                this.f26942a = new AnnotatedException(e6, "No valid certification path could be build.");
            }
            if (hashSet.isEmpty()) {
                throw new AnnotatedException(null, "No issuer certificate for certificate in certification path found.");
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext() && certPathBuilderResult == null) {
                X509Certificate x509Certificate2 = (X509Certificate) it.next();
                if (!x509Certificate2.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                    certPathBuilderResult = a(x509Certificate2, pKIXExtendedBuilderParameters, arrayList);
                }
            }
            if (certPathBuilderResult == null) {
                arrayList.remove(x509Certificate);
            }
            return certPathBuilderResult;
        } catch (Exception unused2) {
            throw new RuntimeException("Exception creating support classes.");
        }
    }

    @Override // java.security.cert.CertPathBuilderSpi
    public final CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) {
        PKIXExtendedBuilderParameters pKIXExtendedBuilderParameters;
        boolean z = certPathParameters instanceof PKIXBuilderParameters;
        if (!z && !(certPathParameters instanceof ExtendedPKIXBuilderParameters) && !(certPathParameters instanceof PKIXExtendedBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + PKIXExtendedBuilderParameters.class.getName() + ".");
        }
        List arrayList = new ArrayList();
        if (z) {
            PKIXExtendedBuilderParameters.Builder builder = new PKIXExtendedBuilderParameters.Builder((PKIXBuilderParameters) certPathParameters);
            if (certPathParameters instanceof ExtendedPKIXParameters) {
                ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters = (ExtendedPKIXBuilderParameters) certPathParameters;
                builder.f26599c.addAll(Collections.unmodifiableSet(extendedPKIXBuilderParameters.X));
                int i = extendedPKIXBuilderParameters.z;
                if (i < -1) {
                    throw new InvalidParameterException("The maximum path length parameter can not be less than -1.");
                }
                builder.b = i;
                arrayList = Collections.unmodifiableList(new ArrayList(extendedPKIXBuilderParameters.f27521a));
            }
            pKIXExtendedBuilderParameters = new PKIXExtendedBuilderParameters(builder);
        } else {
            pKIXExtendedBuilderParameters = (PKIXExtendedBuilderParameters) certPathParameters;
        }
        ArrayList arrayList2 = new ArrayList();
        PKIXExtendedParameters pKIXExtendedParameters = pKIXExtendedBuilderParameters.f26596a;
        Selector selector = pKIXExtendedParameters.b;
        if (!(selector instanceof X509AttributeCertStoreSelector)) {
            throw new CertPathBuilderException("TargetConstraints must be an instance of " + X509AttributeCertStoreSelector.class.getName() + " for " + getClass().getName() + " class.");
        }
        try {
            X509AttributeCertStoreSelector x509AttributeCertStoreSelector = (X509AttributeCertStoreSelector) selector;
            HashSet hashSet = new HashSet();
            for (Object obj : arrayList) {
                if (obj instanceof Store) {
                    try {
                        hashSet.addAll(((Store) obj).a(x509AttributeCertStoreSelector));
                    } catch (StoreException e2) {
                        throw new AnnotatedException(e2, "Problem while picking certificates from X.509 store.");
                    }
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathBuilderException("No attribute certificate found matching targetConstraints.");
            }
            Iterator it = hashSet.iterator();
            CertPathBuilderResult certPathBuilderResult = null;
            while (it.hasNext() && certPathBuilderResult == null) {
                X509AttributeCertificate x509AttributeCertificate = (X509AttributeCertificate) it.next();
                X509CertSelector x509CertSelector = new X509CertSelector();
                Principal[] a2 = x509AttributeCertificate.j().a();
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                for (Principal principal : a2) {
                    try {
                        if (principal instanceof X500Principal) {
                            x509CertSelector.setSubject(((X500Principal) principal).getEncoded());
                        }
                        PKIXCertStoreSelector a3 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
                        CertPathValidatorUtilities.a(linkedHashSet, a3, pKIXExtendedParameters.f26600a.getCertStores());
                        CertPathValidatorUtilities.a(linkedHashSet, a3, pKIXExtendedParameters.f26602e);
                    } catch (IOException e3) {
                        throw new ExtCertPathBuilderException(e3, "cannot encode X500Principal.");
                    } catch (AnnotatedException e4) {
                        throw new ExtCertPathBuilderException(e4, "Public key certificate for attribute certificate cannot be searched.");
                    }
                }
                if (linkedHashSet.isEmpty()) {
                    throw new CertPathBuilderException("Public key certificate for attribute certificate cannot be found.");
                }
                Iterator it2 = linkedHashSet.iterator();
                while (it2.hasNext() && certPathBuilderResult == null) {
                    certPathBuilderResult = a((X509Certificate) it2.next(), pKIXExtendedBuilderParameters, arrayList2);
                }
            }
            if (certPathBuilderResult == null && this.f26942a != null) {
                throw new ExtCertPathBuilderException(this.f26942a, "Possible certificate chain could not be validated.");
            }
            if (certPathBuilderResult == null && this.f26942a == null) {
                throw new CertPathBuilderException("Unable to find certificate chain.");
            }
            return certPathBuilderResult;
        } catch (AnnotatedException e5) {
            throw new ExtCertPathBuilderException(e5, "Error finding target attribute certificate.");
        }
    }
}
