package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
import org.bouncycastle.util.Selector;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.X509AttributeCertStoreSelector;
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CertStoreSelector;

/* loaded from: classes2.dex */
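/**
 * CertPathBuilder SPI that builds a certification path for the issuer of an
 * X.509 attribute certificate.
 *
 * <p>The target is selected with an {@link X509AttributeCertStoreSelector}; for each
 * matching attribute certificate the issuer's public-key certificates are looked up
 * in the configured stores and a chain is grown from them towards a trust anchor.
 *
 * <p>The last path-building failure is kept in an instance field, so a single
 * instance should not run builds concurrently.
 */
public class PKIXAttrCertPathBuilderSpi extends CertPathBuilderSpi {
    /** GeneralName choice tag for uniformResourceIdentifier (RFC 5280). */
    private static final Integer GENERAL_NAME_URI = 6;

    /** Last failure recorded by {@link #build}; reported by {@link #engineBuild} when no path is found. */
    private Exception certPathException;

    /**
     * Registers an additional certificate store for every URI found in the
     * certificate's issuer alternative names.
     *
     * @param cert       certificate whose issuerAltName extension is read
     * @param pkixParams parameters that receive the additional stores
     * @throws CertificateParsingException if the extension cannot be decoded
     */
    private void addAdditionalStoresFromAltNames(X509Certificate cert, ExtendedPKIXParameters pkixParams) throws CertificateParsingException {
        Collection<List<?>> altNames = cert.getIssuerAlternativeNames();
        if (altNames == null) {
            return;
        }
        for (List<?> altName : altNames) {
            // Constant-first equals avoids a NullPointerException on a null type entry.
            if (GENERAL_NAME_URI.equals(altName.get(0))) {
                // NOTE(review): build() calls this for a certificate that has not yet been
                // chained to a trust anchor, so the location is chosen by whoever issued or
                // supplied that certificate. What addAdditionalStoreFromLocation does with it
                // is not visible here; if it opens a network connection, constrain the
                // reachable locations (allowlist or egress policy) at deployment level.
                CertPathValidatorUtilities.addAdditionalStoreFromLocation((String) altName.get(1), pkixParams);
            }
        }
    }

    /**
     * Tries to extend {@code tbvPath} with {@code tbvCert} and complete it to a trust anchor.
     *
     * <p>Reconstructed from the decompiler's register-level dump, because the decompiler
     * could not emit Java for this method and left a body that always threw
     * {@code UnsupportedOperationException}. Compare against the upstream Bouncy Castle
     * source before relying on it.
     *
     * @param attrCert   attribute certificate the path is built for (only passed on to the recursion)
     * @param tbvCert    certificate to append to the path
     * @param pkixParams builder parameters (stores, trust anchors, excluded certs, max path length)
     * @param tbvPath    path built so far, target first; {@code tbvCert} is removed again on failure
     * @return the validated result, or {@code null} if no path through {@code tbvCert} was found;
     *         the reason is stored in {@link #certPathException}
     */
    private CertPathBuilderResult build(X509AttributeCertificate attrCert, X509Certificate tbvCert, ExtendedPKIXBuilderParameters pkixParams, List tbvPath) {
        // A certificate already on the path means the issuer graph loops back on itself.
        if (tbvPath.contains(tbvCert)) {
            return null;
        }
        // Certificates the caller excluded must never appear in a path.
        if (pkixParams.getExcludedCerts().contains(tbvCert)) {
            return null;
        }
        // -1 means "no limit"; otherwise stop once the path is longer than allowed.
        if (pkixParams.getMaxPathLength() != -1 && tbvPath.size() - 1 > pkixParams.getMaxPathLength()) {
            return null;
        }

        tbvPath.add(tbvCert);

        CertificateFactory certFactory;
        CertPathValidator validator;
        try {
            certFactory = CertificateFactory.getInstance("X.509", "BC");
            validator = CertPathValidator.getInstance("PKIX", "BC");
        } catch (Exception e) {
            // Same type and message as before; the cause is attached for diagnosis.
            throw new RuntimeException("Exception creating support classes.", e);
        }

        CertPathBuilderResult result = null;
        try {
            TrustAnchor anchor = findTrustAnchor(tbvCert, pkixParams.getTrustAnchors());
            if (anchor != null) {
                // The path reaches a trust anchor: hand it to the validator, which
                // makes the actual trust decision for the whole chain.
                CertPath certPath;
                try {
                    certPath = certFactory.generateCertPath(tbvPath);
                } catch (Exception e) {
                    throw new AnnotatedException("Certification path could not be constructed from certificate list.", e);
                }
                PKIXCertPathValidatorResult validated;
                try {
                    validated = (PKIXCertPathValidatorResult) validator.validate(certPath, pkixParams);
                } catch (Exception e) {
                    throw new AnnotatedException("Certification path could not be validated.", e);
                }
                return new PKIXCertPathBuilderResult(certPath, validated.getTrustAnchor(), validated.getPolicyTree(), validated.getPublicKey());
            }

            // No anchor yet: look for issuer certificates and recurse.
            try {
                addAdditionalStoresFromAltNames(tbvCert, pkixParams);
            } catch (CertificateParsingException e) {
                throw new AnnotatedException("No additiontal X.509 stores can be added from certificate locations.", e);
            }
            Set issuers = new HashSet();
            try {
                issuers.addAll(findIssuerCerts(tbvCert, pkixParams.getStores()));
                // The additional (alt-name derived) stores are consulted only when the
                // configured stores produced nothing.
                if (issuers.isEmpty()) {
                    issuers.addAll(findIssuerCerts(tbvCert, pkixParams.getAddionalStores()));
                }
            } catch (AnnotatedException e) {
                throw new AnnotatedException("Cannot find issuer certificate for certificate in certification path.", e);
            }
            if (issuers.isEmpty()) {
                throw new AnnotatedException("No issuer certificate for certificate in certification path found.");
            }
            Iterator it = issuers.iterator();
            while (it.hasNext() && result == null) {
                X509Certificate issuer = (X509Certificate) it.next();
                // Self-issued candidates are skipped; a usable one would have been
                // found through the trust anchors above.
                if (issuer.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                    continue;
                }
                result = build(attrCert, issuer, pkixParams, tbvPath);
            }
        } catch (AnnotatedException e) {
            certPathException = new AnnotatedException("No valid certification path could be build.", e);
        }

        if (result == null) {
            // Backtrack so the caller can try the next candidate.
            tbvPath.remove(tbvCert);
        }
        return result;
    }

    /**
     * Finds certificates in {@code certStores} whose subject equals the issuer of
     * {@code cert} and whose public key verifies the signature on {@code cert}.
     *
     * <p>Only the signature is checked here; all other path checks are left to the
     * validator invoked from {@link #build}.
     *
     * @param cert       certificate whose issuer is searched
     * @param certStores stores to search
     * @return the issuer candidates that verified {@code cert}; may be empty
     * @throws AnnotatedException if the selector cannot be set up, the search fails,
     *                            or candidates were found but none verified the signature
     */
    private Collection findIssuerCerts(X509Certificate cert, List certStores) throws AnnotatedException {
        X509CertStoreSelector issuerSelector = new X509CertStoreSelector();
        try {
            issuerSelector.setSubject(cert.getIssuerX500Principal().getEncoded());
        } catch (IOException e) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e);
        }

        Set verifiedIssuers = new HashSet();
        AnnotatedException lastFailure = null;
        try {
            Iterator it = CertPathValidatorUtilities.findCertificates((Selector) issuerSelector, certStores).iterator();
            while (it.hasNext()) {
                X509Certificate candidate = (X509Certificate) it.next();
                try {
                    cert.verify(candidate.getPublicKey());
                    verifiedIssuers.add(candidate);
                } catch (Exception e) {
                    // Remember the failure but keep trying the remaining candidates.
                    lastFailure = new AnnotatedException("Issued certificate could not be verified with issuer certificate.", e);
                }
            }
            if (!verifiedIssuers.isEmpty() || lastFailure == null) {
                return verifiedIssuers;
            }
            // As in the original, this is re-wrapped by the catch below.
            throw new AnnotatedException("Issuer certificate found but certificate validation failed for certificate.", lastFailure);
        } catch (AnnotatedException e) {
            throw new AnnotatedException("Issuer certificate cannot be searched.", e);
        }
    }

    /**
     * Looks for a trust anchor that issued {@code cert}: the anchor's name must match
     * the certificate's issuer and the anchor's public key must verify its signature.
     *
     * <p>As decompiled, the candidate anchor was cleared on every path through the loop,
     * so the method could never return an anchor. The candidate is now kept when, and
     * only when, its key verifies the signature.
     *
     * @param cert         certificate to find an anchor for
     * @param trustAnchors set of {@link TrustAnchor} to search
     * @return the matching anchor, or {@code null} if none matches by name
     * @throws AnnotatedException if the selector cannot be set up, or an anchor matched
     *                            by name but signature verification failed
     */
    private TrustAnchor findTrustAnchor(X509Certificate cert, Set trustAnchors) throws AnnotatedException {
        Iterator it = trustAnchors.iterator();
        X509CertSelector issuerSelector = new X509CertSelector();
        try {
            issuerSelector.setSubject(cert.getIssuerX500Principal().getEncoded());
        } catch (IOException e) {
            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", e);
        }

        TrustAnchor found = null;
        Exception verifyFailure = null;
        while (it.hasNext() && found == null) {
            TrustAnchor candidate = (TrustAnchor) it.next();
            // Scoped per candidate so a key never carries over to a different anchor.
            PublicKey anchorKey = null;
            if (candidate.getTrustedCert() != null) {
                if (issuerSelector.match(candidate.getTrustedCert())) {
                    anchorKey = candidate.getTrustedCert().getPublicKey();
                }
            } else if (candidate.getCAName() != null && candidate.getCAPublicKey() != null) {
                try {
                    // Plain string comparison of the two distinguished names; a difference
                    // in formatting yields a miss, never a match.
                    if (cert.getIssuerX500Principal().getName().equals(candidate.getCAName())) {
                        anchorKey = candidate.getCAPublicKey();
                    }
                } catch (IllegalArgumentException ignored) {
                    // Treated as "this anchor does not match".
                }
            }
            if (anchorKey == null) {
                continue;
            }
            try {
                cert.verify(anchorKey);
                found = candidate;
            } catch (Exception e) {
                verifyFailure = e;
            }
        }

        if (found != null || verifyFailure == null) {
            return found;
        }
        throw new AnnotatedException("Trust anchor found, but certificate validation failed for certificate.", verifyFailure);
    }

    /**
     * Builds a certification path for the issuer of an attribute certificate selected
     * by the parameters' target constraints.
     *
     * @param certPathParameters a {@link PKIXBuilderParameters} or
     *                           {@link ExtendedPKIXBuilderParameters} instance
     * @return the validated path result; never {@code null}
     * @throws InvalidAlgorithmParameterException if the parameters are of another type
     * @throws CertPathBuilderException if no attribute certificate, no issuer certificate
     *                                  or no valid chain can be found
     */
    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        if (!(certPathParameters instanceof PKIXBuilderParameters) && !(certPathParameters instanceof ExtendedPKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("Parameters must be an instance of " + PKIXBuilderParameters.class.getName() + " or " + ExtendedPKIXBuilderParameters.class.getName() + ".");
        }
        // Forget the failure of any earlier build on this instance, so it is not
        // reported as the cause of this one.
        this.certPathException = null;

        ExtendedPKIXBuilderParameters pkixParams;
        if (certPathParameters instanceof ExtendedPKIXBuilderParameters) {
            pkixParams = (ExtendedPKIXBuilderParameters) certPathParameters;
        } else {
            pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance((PKIXBuilderParameters) certPathParameters);
        }

        List certPathList = new ArrayList();
        Selector targetConstraints = pkixParams.getTargetConstraints();
        if (!(targetConstraints instanceof X509AttributeCertStoreSelector)) {
            throw new CertPathBuilderException("TargetConstraints must be an instance of " + X509AttributeCertStoreSelector.class.getName() + " for " + getClass().getName() + " class.");
        }
        try {
            Collection targets = CertPathValidatorUtilities.findCertificates(targetConstraints, pkixParams.getStores());
            if (targets.isEmpty()) {
                throw new CertPathBuilderException("No attribute certificate found matching targetContraints.");
            }
            CertPathBuilderResult result = null;
            Iterator targetIt = targets.iterator();
            while (targetIt.hasNext() && result == null) {
                X509AttributeCertificate attrCert = (X509AttributeCertificate) targetIt.next();
                X509CertStoreSelector issuerSelector = new X509CertStoreSelector();
                Principal[] principals = attrCert.getIssuer().getPrincipals();
                Set issuerCerts = new HashSet();
                for (Principal principal : principals) {
                    try {
                        if (principal instanceof X500Principal) {
                            issuerSelector.setSubject(((X500Principal) principal).getEncoded());
                        }
                        // NOTE(review): the search also runs when the principal is not an
                        // X500Principal, with whatever subject the selector holds at that
                        // point (possibly none). Candidates found this way still have to
                        // pass path validation in build(); confirm this is intended.
                        issuerCerts.addAll(CertPathValidatorUtilities.findCertificates((Selector) issuerSelector, pkixParams.getStores()));
                    } catch (IOException e) {
                        throw new ExtCertPathBuilderException("cannot encode X500Proncipal.", e);
                    } catch (AnnotatedException e) {
                        throw new ExtCertPathBuilderException("Public key certificate for attribute certificate cannot be searched.", e);
                    }
                }
                if (issuerCerts.isEmpty()) {
                    throw new CertPathBuilderException("Public key certificate for attribute certificate cannot be found.");
                }
                Iterator issuerIt = issuerCerts.iterator();
                while (issuerIt.hasNext() && result == null) {
                    result = build(attrCert, (X509Certificate) issuerIt.next(), pkixParams, certPathList);
                }
            }
            if (result == null && this.certPathException != null) {
                throw new ExtCertPathBuilderException("Possible certificate chain could not be validated.", this.certPathException);
            }
            if (result == null && this.certPathException == null) {
                throw new CertPathBuilderException("Unable to find certificate chain.");
            }
            return result;
        } catch (AnnotatedException e) {
            throw new ExtCertPathBuilderException("Error finding target attribute certificate.", e);
        }
    }
}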
