package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.exception.ExtCertPathBuilderException;

/* JADX WARN: Classes with same name are omitted:
  input_file:spg-report-service-war-2.1.36.war:WEB-INF/lib/bcprov-jdk14-1.38.jar:org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.class
 */
/* loaded from: input_file:spg-report-service-war-2.1.36.war:WEB-INF/lib/bcprov-jdk14-138.jar:org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.class */
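/**
 * PKIX certification path builder registered under the "BC" provider.
 *
 * <p>For every certificate matching the target constraints, the builder walks issuer links
 * through the configured cert stores until it reaches a certificate that one of the configured
 * trust anchors has signed. The resulting chain is then handed to the "PKIX"
 * {@link CertPathValidator} and is returned only if that validation succeeds.
 *
 * <p>The walk itself checks issuer-name matches and signatures only. Everything else that makes
 * a chain acceptable is whatever the validator enforces for the supplied
 * {@link PKIXBuilderParameters}; this class adds no checks of its own on top of it.
 *
 * <p>NOTE(review): the decompiler header names bcprov-jdk14 1.38 inside a WAR as the origin of
 * this class. That is a long-superseded BouncyCastle release, so the bundled jar should be
 * compared against a maintained version before this code is relied on.
 */
public class PKIXCertPathBuilderSpi extends CertPathBuilderSpi {
    /**
     * Builds and validates a certification path for the target selected by the parameters.
     *
     * @param certPathParameters must be a {@link PKIXBuilderParameters} with non-null target
     *        constraints
     * @return the first candidate chain that the PKIX validator accepts
     * @throws InvalidAlgorithmParameterException if the parameters are not
     *         {@code PKIXBuilderParameters}, or if the validator rejects them
     * @throws CertPathBuilderException if no target matches, no chain reaches a trust anchor,
     *         a chain was assembled but failed validation, or the "BC" support classes cannot
     *         be obtained
     */
    @Override
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        if (!(certPathParameters instanceof PKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("params must be a PKIXBuilderParameters instance");
        }
        PKIXBuilderParameters builderParams = (PKIXBuilderParameters) certPathParameters;
        CertSelector targetConstraints = builderParams.getTargetCertConstraints();
        if (targetConstraints == null) {
            throw new CertPathBuilderException("targetCertConstraints must be non-null for CertPath building");
        }

        Collection<X509Certificate> targets;
        try {
            targets = CertPathValidatorUtilities.findCertificates(targetConstraints, builderParams.getCertStores());
        } catch (AnnotatedException e) {
            throw new ExtCertPathBuilderException("Error finding target certificate.", e.getCause());
        }
        if (targets.isEmpty()) {
            throw new CertPathBuilderException("no certificate found matching targetCertContraints");
        }

        // Only the provider lookups are guarded by the catch-all. Failures raised while walking
        // or validating a chain must keep their own message and cause instead of being
        // reported as a support-class problem.
        CertificateFactory certificateFactory;
        CertPathValidator pathValidator;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            pathValidator = CertPathValidator.getInstance("PKIX", "BC");
        } catch (Exception e) {
            throw new CertPathBuilderException("exception creating support classes: " + e, e);
        }

        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        Set<X509Certificate> visited = new HashSet<X509Certificate>();
        CertPath candidatePath = null;
        Throwable lastFailure = null;

        for (X509Certificate target : targets) {
            chain.clear();
            visited.clear();
            X509Certificate current = target;
            while (current != null) {
                chain.add(current);
                visited.add(current);
                if (findTrustAnchor(current, builderParams.getTrustAnchors()) != null) {
                    // The chain reaches a trust anchor; it is accepted only if full PKIX
                    // validation of the assembled path succeeds.
                    try {
                        candidatePath = certificateFactory.generateCertPath(chain);
                        PKIXCertPathValidatorResult validated = (PKIXCertPathValidatorResult) pathValidator.validate(candidatePath, builderParams);
                        return new PKIXCertPathBuilderResult(candidatePath, validated.getTrustAnchor(), validated.getPolicyTree(), validated.getPublicKey());
                    } catch (CertPathValidatorException e) {
                        lastFailure = e;
                    } catch (CertificateException e) {
                        lastFailure = e;
                    }
                    // This target failed; move on to the next one.
                    current = null;
                } else {
                    try {
                        X509Certificate issuer = findIssuer(current, builderParams.getCertStores());
                        // Stop on a self-issued certificate or on a certificate already in the
                        // chain, so that a loop in the cert stores cannot keep the walk going.
                        current = (issuer.equals(current) || visited.contains(issuer)) ? null : issuer;
                    } catch (CertPathValidatorException e) {
                        lastFailure = e;
                        current = null;
                    }
                }
            }
        }

        if (candidatePath != null) {
            throw new CertPathBuilderException("found certificate chain, but could not be validated", lastFailure);
        }
        // lastFailure may be null here; a null cause is permitted.
        throw new CertPathBuilderException("unable to find certificate chain", lastFailure);
    }

    /**
     * Looks for a trust anchor that issued the given certificate.
     *
     * <p>An anchor qualifies when its subject (trusted certificate) or CA name equals the
     * certificate's issuer name and the certificate's signature verifies under the anchor's
     * public key. A name match alone is never sufficient.
     *
     * @param x509Certificate certificate whose issuer is being searched for
     * @param set the configured {@link TrustAnchor}s
     * @return the first qualifying anchor, or {@code null} if no anchor matches by name
     * @throws CertPathBuilderException if at least one anchor was tried but signature
     *         verification failed for every candidate, or the issuer name cannot be encoded
     */
    final TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set) throws CertPathBuilderException {
        X509CertSelector issuerSelector = new X509CertSelector();
        try {
            issuerSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
        } catch (IOException e) {
            throw new CertPathBuilderException("can't get trust anchor principal", e);
        }

        TrustAnchor match = null;
        Exception verifyFailure = null;
        Iterator anchors = set.iterator();
        while (anchors.hasNext() && match == null) {
            TrustAnchor candidate = (TrustAnchor) anchors.next();
            // Scoped per anchor so a key from an earlier candidate is never verified again.
            PublicKey anchorKey = null;
            X509Certificate trustedCert = candidate.getTrustedCert();
            if (trustedCert != null) {
                if (issuerSelector.match(trustedCert)) {
                    anchorKey = trustedCert.getPublicKey();
                }
            } else if (candidate.getCAName() != null && candidate.getCAPublicKey() != null) {
                try {
                    if (x509Certificate.getIssuerX500Principal().equals(new X500Principal(candidate.getCAName()))) {
                        anchorKey = candidate.getCAPublicKey();
                    }
                } catch (IllegalArgumentException ignored) {
                    // The CA name is not a parseable distinguished name, so it cannot match.
                }
            }
            if (anchorKey == null) {
                continue;
            }
            try {
                x509Certificate.verify(anchorKey);
                match = candidate;
            } catch (Exception e) {
                // Name matched but the signature did not verify; remember why and keep looking.
                verifyFailure = e;
            }
        }

        if (match == null && verifyFailure != null) {
            throw new CertPathBuilderException("TrustAnchor found put certificate validation failed", verifyFailure);
        }
        return match;
    }

    /**
     * Finds, in the given cert stores, a certificate whose subject equals the issuer of
     * {@code x509Certificate} and whose public key verifies its signature.
     *
     * <p>Only the name match and the signature are checked here. No other property of the
     * candidate issuer is examined in this method; the assembled chain is accepted only after
     * validation in {@link #engineBuild}.
     *
     * @param x509Certificate certificate whose issuer is wanted
     * @param list cert stores to search
     * @return the first candidate whose key verifies the signature; never {@code null}
     * @throws CertPathValidatorException if no candidate exists, if every candidate fails
     *         signature verification, or if the store lookup fails
     */
    private X509Certificate findIssuer(X509Certificate x509Certificate, List list) throws CertPathValidatorException {
        X509CertSelector issuerSelector = new X509CertSelector();
        try {
            issuerSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
        } catch (IOException e) {
            throw new CertPathValidatorException("Issuer not found", e, null, -1);
        }

        Iterator candidates;
        try {
            candidates = CertPathValidatorUtilities.findCertificates(issuerSelector, list).iterator();
        } catch (AnnotatedException e) {
            throw new CertPathValidatorException(e.getCause());
        }

        X509Certificate issuer = null;
        Exception verifyFailure = null;
        while (candidates.hasNext() && issuer == null) {
            X509Certificate candidate = (X509Certificate) candidates.next();
            try {
                x509Certificate.verify(candidate.getPublicKey());
                issuer = candidate;
            } catch (Exception e) {
                verifyFailure = e;
            }
        }

        if (issuer != null) {
            return issuer;
        }
        if (verifyFailure == null) {
            throw new CertPathValidatorException("Issuer not found", null, null, -1);
        }
        throw new CertPathValidatorException("issuer found but certificate validation failed", verifyFailure, null, -1);
    }
}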
