package defpackage;

import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* compiled from: PKIXCertPathValidatorSpi.java */
/* loaded from: classes.dex */
public class ec1 extends CertPathValidatorSpi {
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        X500Principal x500Principal;
        PublicKey cAPublicKey;
        HashSet hashSet;
        ArrayList[] arrayListArr;
        HashSet hashSet2;
        if (!(certPathParameters instanceof PKIXParameters)) {
            throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() + " instance.");
        }
        yn1 b = certPathParameters instanceof yn1 ? (yn1) certPathParameters : yn1.b((PKIXParameters) certPathParameters);
        if (b.getTrustAnchors() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for certification path validation.");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        int i = 0;
        if (certificates.isEmpty()) {
            throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
        }
        Set<String> initialPolicies = b.getInitialPolicies();
        try {
            TrustAnchor a = db1.a((X509Certificate) certificates.get(certificates.size() - 1), b.getTrustAnchors(), b.getSigProvider());
            if (a == null) {
                throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
            }
            int i2 = size + 1;
            ArrayList[] arrayListArr2 = new ArrayList[i2];
            int i3 = 0;
            while (i3 < arrayListArr2.length) {
                arrayListArr2[i3] = new ArrayList();
                i3++;
                b = b;
                i = 0;
            }
            HashSet hashSet3 = new HashSet();
            hashSet3.add("2.5.29.32.0");
            hc1 hc1Var = new hc1(new ArrayList(), 0, hashSet3, null, new HashSet(), "2.5.29.32.0", false);
            arrayListArr2[i].add(hc1Var);
            fc1 fc1Var = new fc1();
            HashSet hashSet4 = new HashSet();
            int i4 = b.isExplicitPolicyRequired() ? 0 : i2;
            int i5 = b.isAnyPolicyInhibited() ? 0 : i2;
            if (b.isPolicyMappingInhibited()) {
                i2 = 0;
            }
            X509Certificate trustedCert = a.getTrustedCert();
            try {
                if (trustedCert != null) {
                    X500Principal a2 = db1.a(trustedCert);
                    cAPublicKey = trustedCert.getPublicKey();
                    x500Principal = a2;
                } else {
                    x500Principal = new X500Principal(a.getCAName());
                    cAPublicKey = a.getCAPublicKey();
                }
                try {
                    qe0 a3 = db1.a(cAPublicKey);
                    a3.i();
                    a3.j();
                    if (b.f() != null && !b.f().a((X509Certificate) certificates.get(i))) {
                        throw new ea1("Target certificate in certification path does not match targetConstraints.", null, certPath, i);
                    }
                    List<PKIXCertPathChecker> certPathCheckers = b.getCertPathCheckers();
                    Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
                    while (it.hasNext()) {
                        it.next().init(false);
                        arrayListArr2 = arrayListArr2;
                        fc1Var = fc1Var;
                        b = b;
                    }
                    int size2 = certificates.size() - 1;
                    hc1 hc1Var2 = hc1Var;
                    X509Certificate x509Certificate = trustedCert;
                    X509Certificate x509Certificate2 = null;
                    X500Principal x500Principal2 = x500Principal;
                    int i6 = size;
                    int i7 = i5;
                    int i8 = i4;
                    int i9 = i7;
                    while (size2 >= 0) {
                        int i10 = size - size2;
                        X509Certificate x509Certificate3 = (X509Certificate) certificates.get(size2);
                        Set<String> set = initialPolicies;
                        boolean z = size2 == certificates.size() + (-1);
                        int i11 = i6;
                        TrustAnchor trustAnchor = a;
                        int i12 = i2;
                        int i13 = i9;
                        yn1 yn1Var = b;
                        List<? extends Certificate> list = certificates;
                        int i14 = i8;
                        boolean z2 = z;
                        fc1 fc1Var2 = fc1Var;
                        ArrayList[] arrayListArr3 = arrayListArr2;
                        ic1.a(certPath, b, size2, cAPublicKey, z2, x500Principal2, x509Certificate);
                        ic1.b(certPath, size2, fc1Var2);
                        hc1 a4 = ic1.a(certPath, size2, ic1.a(certPath, size2, hashSet4, hc1Var2, arrayListArr3, i13));
                        ic1.a(certPath, size2, a4, i14);
                        if (i10 == size) {
                            arrayListArr = arrayListArr3;
                            hc1Var2 = a4;
                            i9 = i13;
                            i8 = i14;
                            i6 = i11;
                            i2 = i12;
                        } else {
                            if (x509Certificate3 != null && x509Certificate3.getVersion() == 1) {
                                throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, size2);
                            }
                            ic1.a(certPath, size2);
                            arrayListArr = arrayListArr3;
                            hc1 a5 = ic1.a(certPath, size2, arrayListArr, a4, i12);
                            ic1.a(certPath, size2, fc1Var2);
                            int a6 = ic1.a(certPath, size2, i14);
                            int b2 = ic1.b(certPath, size2, i12);
                            int c = ic1.c(certPath, size2, i13);
                            int d = ic1.d(certPath, size2, a6);
                            int e = ic1.e(certPath, size2, b2);
                            int f = ic1.f(certPath, size2, c);
                            ic1.b(certPath, size2);
                            int h = ic1.h(certPath, size2, ic1.g(certPath, size2, i11));
                            ic1.c(certPath, size2);
                            Set<String> criticalExtensionOIDs = x509Certificate3.getCriticalExtensionOIDs();
                            if (criticalExtensionOIDs != null) {
                                hashSet2 = new HashSet(criticalExtensionOIDs);
                                hashSet2.remove(ic1.n);
                                hashSet2.remove(ic1.b);
                                hashSet2.remove(ic1.c);
                                hashSet2.remove(ic1.d);
                                hashSet2.remove(ic1.e);
                                hashSet2.remove(ic1.g);
                                hashSet2.remove(ic1.h);
                                hashSet2.remove(ic1.i);
                                hashSet2.remove(ic1.k);
                                hashSet2.remove(ic1.l);
                            } else {
                                hashSet2 = new HashSet();
                            }
                            ic1.a(certPath, size2, hashSet2, certPathCheckers);
                            x500Principal2 = db1.a(x509Certificate3);
                            try {
                                cAPublicKey = db1.a(certPath.getCertificates(), size2);
                                qe0 a7 = db1.a(cAPublicKey);
                                a7.i();
                                a7.j();
                                hc1Var2 = a5;
                                i6 = h;
                                x509Certificate = x509Certificate3;
                                i8 = d;
                                i2 = e;
                                i9 = f;
                            } catch (CertPathValidatorException e2) {
                                throw new CertPathValidatorException("Next working key could not be retrieved.", e2, certPath, size2);
                            }
                        }
                        size2--;
                        arrayListArr2 = arrayListArr;
                        fc1Var = fc1Var2;
                        x509Certificate2 = x509Certificate3;
                        initialPolicies = set;
                        a = trustAnchor;
                        b = yn1Var;
                        certificates = list;
                    }
                    int a8 = ic1.a(i8, x509Certificate2);
                    int i15 = size2 + 1;
                    int i16 = ic1.i(certPath, i15, a8);
                    Set<String> criticalExtensionOIDs2 = x509Certificate2.getCriticalExtensionOIDs();
                    if (criticalExtensionOIDs2 != null) {
                        hashSet = new HashSet(criticalExtensionOIDs2);
                        hashSet.remove(ic1.n);
                        hashSet.remove(ic1.b);
                        hashSet.remove(ic1.c);
                        hashSet.remove(ic1.d);
                        hashSet.remove(ic1.e);
                        hashSet.remove(ic1.g);
                        hashSet.remove(ic1.h);
                        hashSet.remove(ic1.i);
                        hashSet.remove(ic1.k);
                        hashSet.remove(ic1.l);
                        hashSet.remove(ic1.j);
                    } else {
                        hashSet = new HashSet();
                    }
                    ic1.a(certPath, i15, certPathCheckers, hashSet);
                    X509Certificate x509Certificate4 = x509Certificate2;
                    hc1 a9 = ic1.a(certPath, b, initialPolicies, i15, arrayListArr2, hc1Var2, hashSet4);
                    if (i16 > 0 || a9 != null) {
                        return new PKIXCertPathValidatorResult(a, a9, x509Certificate4.getPublicKey());
                    }
                    throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, size2);
                } catch (CertPathValidatorException e3) {
                    throw new ea1("Algorithm identifier of public key of trust anchor could not be read.", e3, certPath, -1);
                }
            } catch (IllegalArgumentException e4) {
                throw new ea1("Subject of trust anchor could not be (re)encoded.", e4, certPath, -1);
            }
        } catch (za1 e5) {
            throw new CertPathValidatorException(e5.getMessage(), e5, certPath, certificates.size() - 1);
        }
    }
}
