package org.bouncycastle.jce.provider;

import j1.C5238d;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.x509.C5686b;
import org.bouncycastle.asn1.x509.C5709y;
import org.bouncycastle.jcajce.u;

/* loaded from: classes4.dex */
public class I extends CertPathValidatorSpi {

    /* renamed from: a, reason: collision with root package name */
    public final org.bouncycastle.jcajce.util.c f24511a;
    public final boolean b;

    public I() {
        this(false);
    }

    public I(boolean z3) {
        this.f24511a = new org.bouncycastle.jcajce.util.c();
        this.b = z3;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void a(X509Certificate x509Certificate) {
        if (x509Certificate instanceof E1.a) {
            try {
            } catch (RuntimeException e3) {
                e = e3;
            }
            if (((E1.a) x509Certificate).getTBSCertificateNative() != null) {
                return;
            }
            e = null;
            throw new C6037a("unable to process TBSCertificate", e);
        }
        try {
            org.bouncycastle.asn1.x509.g0.l(x509Certificate.getTBSCertificate());
        } catch (IllegalArgumentException e4) {
            throw new C6037a(e4.getMessage());
        } catch (CertificateEncodingException e5) {
            throw new C6037a("unable to process TBSCertificate", e5);
        }
    }

    @Override // java.security.cert.CertPathValidatorSpi
    /* renamed from: b, reason: merged with bridge method [inline-methods] */
    public PKIXCertPathChecker engineGetRevocationChecker() {
        return new P(this.f24511a);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r15v7 */
    /* JADX WARN: Type inference failed for: r5v13, types: [java.security.cert.PKIXCertPathChecker, java.lang.Object] */
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        org.bouncycastle.jcajce.u uVar;
        int i3;
        List<? extends Certificate> list;
        C5238d e3;
        PublicKey cAPublicKey;
        HashSet hashSet;
        int i4;
        ArrayList[] arrayListArr;
        org.bouncycastle.jcajce.util.c cVar;
        ArrayList arrayList;
        int i5;
        HashSet hashSet2;
        if (certPathParameters instanceof PKIXParameters) {
            u.b bVar = new u.b((PKIXParameters) certPathParameters);
            if (certPathParameters instanceof org.bouncycastle.x509.h) {
                org.bouncycastle.x509.h hVar = (org.bouncycastle.x509.h) certPathParameters;
                bVar.i(hVar.f());
                bVar.j(hVar.getValidityModel());
            }
            uVar = bVar.e();
        } else if (certPathParameters instanceof org.bouncycastle.jcajce.t) {
            uVar = ((org.bouncycastle.jcajce.t) certPathParameters).getBaseParameters();
        } else {
            if (!(certPathParameters instanceof org.bouncycastle.jcajce.u)) {
                throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() + " instance.");
            }
            uVar = (org.bouncycastle.jcajce.u) certPathParameters;
        }
        if (uVar.getTrustAnchors() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for certification path validation.");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        if (certificates.isEmpty()) {
            throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1);
        }
        Date q3 = C6043g.q(uVar, new Date());
        Set initialPolicies = uVar.getInitialPolicies();
        try {
            TrustAnchor e4 = C6043g.e((X509Certificate) certificates.get(certificates.size() - 1), uVar.getTrustAnchors(), uVar.getSigProvider());
            if (e4 == null) {
                i3 = 1;
                list = certificates;
                try {
                    throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
                } catch (C6037a e5) {
                    e = e5;
                    throw new CertPathValidatorException(e.getMessage(), e.f24556a, certPath, list.size() - i3);
                }
            }
            a(e4.getTrustedCert());
            org.bouncycastle.jcajce.u e6 = new u.b(uVar).g(e4).e();
            ArrayList arrayList2 = new ArrayList();
            org.bouncycastle.jcajce.p pVar = null;
            for (?? r5 : e6.getCertPathCheckers()) {
                r5.init(false);
                if (!(r5 instanceof PKIXRevocationChecker)) {
                    arrayList2.add(r5);
                } else {
                    if (pVar != null) {
                        throw new CertPathValidatorException("only one PKIXRevocationChecker allowed");
                    }
                    pVar = r5 instanceof org.bouncycastle.jcajce.p ? (org.bouncycastle.jcajce.p) r5 : new V(r5);
                }
            }
            boolean d3 = e6.d();
            org.bouncycastle.jcajce.util.c cVar2 = this.f24511a;
            if (d3 && pVar == null) {
                pVar = new P(cVar2);
            }
            org.bouncycastle.jcajce.p pVar2 = pVar;
            int i6 = size + 1;
            ArrayList[] arrayListArr2 = new ArrayList[i6];
            for (int i7 = 0; i7 < i6; i7++) {
                arrayListArr2[i7] = new ArrayList();
            }
            HashSet hashSet3 = new HashSet();
            hashSet3.add(Q.f24538p);
            L l3 = new L(new ArrayList(), 0, hashSet3, null, new HashSet(), Q.f24538p, false);
            arrayListArr2[0].add(l3);
            J j3 = new J();
            HashSet hashSet4 = new HashSet();
            int i8 = e6.b() ? 0 : i6;
            int i9 = e6.a() ? 0 : i6;
            if (e6.c()) {
                i6 = 0;
            }
            X509Certificate trustedCert = e4.getTrustedCert();
            try {
                if (trustedCert != null) {
                    e3 = M.d(trustedCert);
                    cAPublicKey = trustedCert.getPublicKey();
                } else {
                    e3 = M.e(e4.getCA());
                    cAPublicKey = e4.getCAPublicKey();
                }
                try {
                    C5686b h3 = C6043g.h(cAPublicKey);
                    h3.getAlgorithm();
                    h3.getParameters();
                    if (e6.getTargetConstraints() != null && !e6.getTargetConstraints().R0((X509Certificate) certificates.get(0))) {
                        throw new K1.b("Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
                    }
                    boolean z3 = true;
                    int size2 = certificates.size() - 1;
                    int i10 = size;
                    X509Certificate x509Certificate = null;
                    int i11 = i9;
                    int i12 = i6;
                    int i13 = i8;
                    L l4 = l3;
                    int i14 = i12;
                    while (i14 >= 0) {
                        int i15 = size - i14;
                        int i16 = size;
                        X509Certificate x509Certificate2 = (X509Certificate) certificates.get(i14);
                        boolean z4 = i14 == certificates.size() + (-1) ? z3 : false;
                        try {
                            a(x509Certificate2);
                            int i17 = i14;
                            List<? extends Certificate> list2 = certificates;
                            J j4 = j3;
                            ArrayList[] arrayListArr3 = arrayListArr2;
                            Date date = q3;
                            org.bouncycastle.jcajce.u uVar2 = e6;
                            int i18 = i13;
                            boolean z5 = z4;
                            TrustAnchor trustAnchor = e4;
                            int i19 = i12;
                            ?? r15 = z3;
                            Q.z(certPath, e6, q3, pVar2, i17, cAPublicKey, z5, e3, trustedCert);
                            Q.A(certPath, i17, j4, this.b);
                            L C3 = Q.C(certPath, i17, Q.B(certPath, i17, hashSet4, l4, arrayListArr3, i11, this.b));
                            Q.D(certPath, i17, C3, i18);
                            if (i15 != i16) {
                                if (x509Certificate2 == null || x509Certificate2.getVersion() != r15) {
                                    Q.d(certPath, i17);
                                    arrayListArr = arrayListArr3;
                                    L c = Q.c(certPath, i17, arrayListArr, C3, i19);
                                    Q.e(certPath, i17, j4);
                                    int f3 = Q.f(certPath, i17, i18);
                                    int g3 = Q.g(certPath, i17, i19);
                                    int h4 = Q.h(certPath, i17, i11);
                                    i18 = Q.i(certPath, i17, f3);
                                    i5 = Q.j(certPath, i17, g3);
                                    i4 = Q.k(certPath, i17, h4);
                                    Q.l(certPath, i17);
                                    i10 = Q.n(certPath, i17, Q.m(certPath, i17, i10));
                                    Q.o(certPath, i17);
                                    Set<String> criticalExtensionOIDs = x509Certificate2.getCriticalExtensionOIDs();
                                    if (criticalExtensionOIDs != null) {
                                        hashSet2 = new HashSet(criticalExtensionOIDs);
                                        hashSet2.remove(Q.f24536n);
                                        hashSet2.remove(Q.b);
                                        hashSet2.remove(Q.c);
                                        hashSet2.remove(Q.f24526d);
                                        hashSet2.remove(Q.f24527e);
                                        hashSet2.remove(Q.f24529g);
                                        hashSet2.remove(Q.f24530h);
                                        hashSet2.remove(Q.f24531i);
                                        hashSet2.remove(Q.f24533k);
                                        hashSet2.remove(Q.f24534l);
                                    } else {
                                        hashSet2 = new HashSet();
                                    }
                                    arrayList = r15;
                                    Q.p(certPath, i17, hashSet2, arrayList);
                                    C5238d d4 = M.d(x509Certificate2);
                                    try {
                                        cVar = r15;
                                        PublicKey n3 = C6043g.n(certPath.getCertificates(), i17, cVar);
                                        C5686b h5 = C6043g.h(n3);
                                        h5.getAlgorithm();
                                        h5.getParameters();
                                        l4 = c;
                                        e3 = d4;
                                        cAPublicKey = n3;
                                        trustedCert = x509Certificate2;
                                        i13 = i18;
                                        i12 = i5;
                                        i11 = i4;
                                        arrayListArr2 = arrayListArr;
                                        arrayList2 = arrayList;
                                        j3 = j4;
                                        cVar2 = cVar;
                                        z3 = r15;
                                        e4 = trustAnchor;
                                        certificates = list2;
                                        q3 = date;
                                        x509Certificate = x509Certificate2;
                                        size = i16;
                                        i14 = i17 - 1;
                                        e6 = uVar2;
                                    } catch (CertPathValidatorException e7) {
                                        throw new CertPathValidatorException("Next working key could not be retrieved.", e7, certPath, i17);
                                    }
                                } else if (i15 != r15 || !x509Certificate2.equals(trustAnchor.getTrustedCert())) {
                                    throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, i17);
                                }
                            }
                            i4 = i11;
                            arrayListArr = arrayListArr3;
                            cVar = r15;
                            arrayList = r15;
                            i5 = i19;
                            l4 = C3;
                            i10 = i10;
                            i13 = i18;
                            i12 = i5;
                            i11 = i4;
                            arrayListArr2 = arrayListArr;
                            arrayList2 = arrayList;
                            j3 = j4;
                            cVar2 = cVar;
                            z3 = r15;
                            e4 = trustAnchor;
                            certificates = list2;
                            q3 = date;
                            x509Certificate = x509Certificate2;
                            size = i16;
                            i14 = i17 - 1;
                            e6 = uVar2;
                        } catch (C6037a e8) {
                            throw new CertPathValidatorException(e8.getMessage(), e8.f24556a, certPath, i14);
                        }
                    }
                    org.bouncycastle.jcajce.u uVar3 = e6;
                    int i20 = i14;
                    ArrayList[] arrayListArr4 = arrayListArr2;
                    TrustAnchor trustAnchor2 = e4;
                    X509Certificate x509Certificate3 = x509Certificate;
                    ArrayList arrayList3 = arrayList2;
                    int i21 = i20 + 1;
                    int F3 = Q.F(certPath, i21, Q.E(i13, x509Certificate3));
                    Set<String> criticalExtensionOIDs2 = x509Certificate3.getCriticalExtensionOIDs();
                    if (criticalExtensionOIDs2 != null) {
                        hashSet = new HashSet(criticalExtensionOIDs2);
                        hashSet.remove(Q.f24536n);
                        hashSet.remove(Q.b);
                        hashSet.remove(Q.c);
                        hashSet.remove(Q.f24526d);
                        hashSet.remove(Q.f24527e);
                        hashSet.remove(Q.f24529g);
                        hashSet.remove(Q.f24530h);
                        hashSet.remove(Q.f24531i);
                        hashSet.remove(Q.f24533k);
                        hashSet.remove(Q.f24534l);
                        hashSet.remove(Q.f24532j);
                        hashSet.remove(C5709y.f21622C.getId());
                    } else {
                        hashSet = new HashSet();
                    }
                    Q.G(certPath, i21, arrayList3, hashSet);
                    L H3 = Q.H(certPath, uVar3, initialPolicies, i21, arrayListArr4, l4, hashSet4);
                    if (F3 > 0 || H3 != null) {
                        return new PKIXCertPathValidatorResult(trustAnchor2, H3, x509Certificate3.getPublicKey());
                    }
                    throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, i20);
                } catch (CertPathValidatorException e9) {
                    throw new K1.b("Algorithm identifier of public key of trust anchor could not be read.", e9, certPath, -1);
                }
            } catch (RuntimeException e10) {
                throw new K1.b("Subject of trust anchor could not be (re)encoded.", e10, certPath, -1);
            }
        } catch (C6037a e11) {
            e = e11;
            i3 = 1;
            list = certificates;
        }
    }
}
