package com.rsa.cryptoj.c;

import com.rsa.cryptoj.c.pq;
import com.rsa.cryptoj.c.pv;
import com.rsa.jcp.X509V1ValidatorParameters;
import com.rsa.jcp.X509V1ValidatorResult;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/rsa/cryptoj/c/qw.class */
/**
 * Certificate path validator for X.509 paths configured through
 * {@link X509V1ValidatorParameters}.
 *
 * <p>This listing is decompiler output with obfuscated identifiers. The fields {@code j},
 * {@code k} and {@code l} and the overload {@code a(PublicKey, PublicKey)} are not declared in
 * this class; presumably they are inherited from {@code qx} (confirm against that class).
 *
 * <p>For each candidate trust anchor the path is walked from its last certificate to its first.
 * Each certificate must, in this order: not carry the MD2-with-RSA signature OID, verify under
 * the issuer key carried forward, be valid at the validation date, name the expected issuer,
 * and pass the revocation check when the parameters enable revocation.
 *
 * <p>Review notes:
 * <ul>
 *   <li>No certificate extension (basic constraints, key usage, name constraints, policies) is
 *       read in this class. Unless {@code qx} or {@code pv} adds such checks, an intermediate
 *       certificate is accepted as an issuer on signature and name chaining alone.</li>
 *   <li>Only the MD2 OID is rejected here; every other signature algorithm is left to
 *       {@code X509Certificate.verify}.</li>
 *   <li>An empty path is accepted for the first trust anchor iterated, because the
 *       per-certificate loop never runs.</li>
 *   <li>Per-call state is kept in instance fields written without synchronization, so concurrent
 *       validations on one instance would interfere with each other.</li>
 *   <li>{@code l} is not cleared when a validation starts in this class; if no anchor is tried,
 *       a message left by an earlier call may be reported (unless {@code qx} resets it).</li>
 * </ul>
 */
public final class qw extends qx {
    // Prefix for failures reported by the checks that follow signature verification.
    private static final String a = "Validity check failed: ";
    // Parameters of the validation in progress; set on every call to the public a(...).
    private X509V1ValidatorParameters b;
    // Certificates of the path in progress, in the order CertPath.getCertificates() returns them.
    private List<? extends Certificate> c;
    // Presumably a debug trace helper: static de.a() gates each message, d.a(String) emits it.
    private final de d;

    /**
     * Creates the validator and its trace helper.
     *
     * <p>The decompiler widened this constructor to {@code public}; it is package-private in the
     * class file.
     *
     * @param cfVar passed unchanged to the {@code qx} constructor
     * @param list passed unchanged to the {@code qx} constructor
     */
    public qw(cf cfVar, List<ca> list) {
        super(cfVar, list);
        this.d = new de();
    }

    /**
     * Validates {@code certPath} against the trust anchors in {@code certPathParameters}.
     *
     * <p>Anchors are tried in iteration order and the first one under which the whole path
     * validates wins. Only the most recent failure message is kept for the final exception.
     *
     * @param certPath path to validate; its type must be {@code "X.509"}
     * @param certPathParameters must be an {@link X509V1ValidatorParameters}
     * @return an {@link X509V1ValidatorResult} holding the matching trust anchor and the public
     *     key produced by the walk
     * @throws CertPathValidatorException if the path type is wrong, a certificate uses the MD2
     *     signature OID, or no trust anchor validates the path
     * @throws InvalidAlgorithmParameterException if the parameters are of another type
     */
    @Override // com.rsa.cryptoj.c.qx
    public CertPathValidatorResult a(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        final boolean x509Path = certPath.getType().equals("X.509");
        if (!x509Path) {
            throw new CertPathValidatorException("Cert path must be a X.509 cert path");
        }
        final boolean supportedParameters = certPathParameters instanceof X509V1ValidatorParameters;
        if (!supportedParameters) {
            throw new InvalidAlgorithmParameterException("Parameters must be X509V1ValidatorParameters");
        }
        this.b = (X509V1ValidatorParameters) certPathParameters;

        // Validation date: the caller's, or the current time when none was supplied.
        this.k = this.b.getDate();
        if (this.k == null) {
            this.k = new Date();
        }

        this.c = certPath.getCertificates();
        this.j = this.c.size();

        final Set<TrustAnchor> candidateAnchors;
        if (this.j == 0) {
            // Empty path: every configured anchor is a candidate.
            candidateAnchors = this.b.getTrustAnchors();
        } else {
            // pk.a presumably narrows the anchors to those that could have issued the last
            // certificate of the path -- TODO confirm against pk.
            X509Certificate lastInPath = (X509Certificate) this.c.get(this.c.size() - 1);
            candidateAnchors = pk.a(lastInPath, this.b.getTrustAnchors());
        }

        if (de.a()) {
            this.d.a("getting the set of trust anchors and attempting to validate the path");
            this.d.a("Number of trust anchors: " + candidateAnchors.size());
        }

        for (TrustAnchor anchor : candidateAnchors) {
            if (de.a()) {
                this.d.a("Validating path for trust anchor: " + anchor);
            }
            PublicKey validatedKey = a(anchor, certPath);
            if (validatedKey == null) {
                // This anchor failed; the reason is in this.l. Try the next one.
                continue;
            }
            if (de.a()) {
                this.d.a("Validation passed for trust anchor");
                this.d.a("_______________________________________________");
            }
            return new X509V1ValidatorResult(anchor, validatedKey);
        }

        if (this.l == null) {
            this.l = "Could not validate path.";
        }
        throw new CertPathValidatorException(this.l);
    }

    /**
     * Walks the stored path from its last certificate to its first under one trust anchor.
     *
     * <p>A failed check records its reason in {@code this.l} and returns {@code null} so the
     * caller can try another anchor. The MD2 check is the exception: it throws, which ends the
     * whole validation instead of moving on to the next anchor.
     *
     * @param trustAnchor anchor supplying the initial issuer name and issuer key
     * @param certPath the path under validation; only handed to the {@code pv} constructor here
     * @return the key carried forward after the last certificate processed (the anchor's own key
     *     when the path is empty), or {@code null} if any check failed
     * @throws CertPathValidatorException if a certificate in the path uses the MD2 signature OID
     * @throws InvalidAlgorithmParameterException declared by the original; no statement in this
     *     method throws it directly, so it presumably comes from {@code pv}
     */
    private PublicKey a(TrustAnchor trustAnchor, CertPath certPath) throws InvalidAlgorithmParameterException, CertPathValidatorException {
        // Seed the walk from the anchor: either its certificate or its bare name/key pair.
        final X509Certificate anchorCert = trustAnchor.getTrustedCert();
        X500Principal expectedIssuer;
        PublicKey issuerKey;
        if (anchorCert == null) {
            expectedIssuer = trustAnchor.getCA();
            issuerKey = trustAnchor.getCAPublicKey();
        } else {
            expectedIssuer = anchorCert.getSubjectX500Principal();
            issuerKey = anchorCert.getPublicKey();
        }

        // pv is used below as the revocation checker; its internals are not shown here.
        pv revocationChecker = new pv(this.b, certPath, trustAnchor);

        // Nothing is reversed at this point; the loop below simply counts down from the end.
        if (de.a()) {
            this.d.a("reversing entries in the cert path");
        }
        if (de.a()) {
            this.d.a("basic certificate processing");
        }

        for (int index = this.j - 1; index >= 0; index--) {
            X509Certificate current = (X509Certificate) this.c.get(index);
            if (de.a()) {
                this.d.a("-----------------------------------------------");
                this.d.a("verifying current certificate, SubjectX500Principal: " + current.getSubjectX500Principal());
            }

            // 1.2.840.113549.1.1.2 is md2WithRSAEncryption. Thrown, not recorded: no further
            // trust anchor is tried once a certificate in the path carries this OID.
            if ("1.2.840.113549.1.1.2".equalsIgnoreCase(current.getSigAlgOID())) {
                throw new CertPathValidatorException("MD2 signature only allowed for a Trust Anchor");
            }

            // Signature check. A failure here is reported with the provider's message unprefixed.
            try {
                if (de.a()) {
                    this.d.a("verifying public key");
                }
                current.verify(issuerKey);
                if (de.a()) {
                    this.d.a("public key verified");
                }
            } catch (GeneralSecurityException signatureFailure) {
                this.l = signatureFailure.getMessage();
                return null;
            }

            // Every remaining check shares one handler, so any GeneralSecurityException raised
            // below -- not only an expired or not-yet-valid certificate -- is reported with the
            // "Validity check failed: " prefix.
            try {
                if (de.a()) {
                    this.d.a("checking validity, current time " + this.k);
                }
                current.checkValidity(this.k);
                if (de.a()) {
                    this.d.a("time verified");
                }

                if (de.a()) {
                    this.d.a("checking name chaining");
                }
                // Issuer of this certificate must equal the subject one step closer to the anchor.
                if (!current.getIssuerX500Principal().equals(expectedIssuer)) {
                    this.l = "Name chaining failed";
                    return null;
                }
                if (de.a()) {
                    this.d.a("name chaining verified");
                }

                if (this.b.isRevocationEnabled()) {
                    if (de.a()) {
                        this.d.a("checking revocation status");
                    }
                    // Result fields are obfuscated: 'a' is tested as the pass flag and 'b' is
                    // used as the failure message.
                    pv.a revocationStatus = revocationChecker.a(current, issuerKey);
                    if (!revocationStatus.a) {
                        this.l = revocationStatus.b;
                        return null;
                    }
                    if (de.a()) {
                        this.d.a("revocation status verified");
                    }
                }

                if (de.a()) {
                    this.d.a("Preparing for next certificate..");
                }
                // Carry this certificate's key forward as the next issuer key. Judging by the
                // error text, a(PublicKey, PublicKey) fills in key parameters inherited from the
                // issuer -- TODO confirm against qx.
                try {
                    issuerKey = a(current.getPublicKey(), issuerKey);
                } catch (GeneralSecurityException directFailure) {
                    // A second attempt exists only for the library's own certificate type.
                    if (!(current instanceof pq)) {
                        this.l = "Error constructing public key with inherited parameters";
                        return null;
                    }
                    try {
                        issuerKey = a(pq.a.a((pq) current), issuerKey);
                    } catch (GeneralSecurityException fallbackFailure) {
                        this.l = "Error constructing public key with inherited parameters";
                        return null;
                    }
                }
                expectedIssuer = current.getSubjectX500Principal();
            } catch (GeneralSecurityException checkFailure) {
                this.l = a + checkFailure.getMessage();
                return null;
            }
        }
        return issuerKey;
    }
}
