package iaik.pki.pathconstruction;

import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.PKIException;
import iaik.pki.certretriever.CertIssuerFinder;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.pki.pathvalidation.ValidationConfiguration;
import iaik.pki.store.certinfo.CertInfo;
import iaik.pki.store.certinfo.CertInfoStore;
import iaik.pki.store.certinfo.CertInfoStoreException;
import iaik.pki.store.certinfo.CertIssuer;
import iaik.pki.store.truststore.TrustStore;
import iaik.pki.store.truststore.TrustStoreResult;
import iaik.pki.utils.CertUtil;
import iaik.pki.utils.Constants;
import iaik.pki.utils.UtilsException;
import iaik.x509.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Stack;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class A implements CertPathConstructor {
    protected ValidationConfiguration C;
    protected static Log B = LogFactory.getLog(Constants.MODULE_NAME);
    protected static CertIssuerFinder A = CertIssuerFinder.getInstance();

    protected static Set A(TransactionId transactionId, CertInfo certInfo) {
        try {
            return A.getCertificates(certInfo.getCertificate(transactionId), transactionId);
        } catch (CertInfoStoreException e) {
            B.error(transactionId, "Certificate no longer available", e);
            return null;
        }
    }

    protected ConstructionResult A(ConstructionParameters constructionParameters, TransactionId transactionId) {
        CertInfo eECertificate = constructionParameters.getEECertificate();
        if (eECertificate == null) {
            throw new PathConstructionException("End-Entity certificate must be set", null, new StringBuffer().append(getClass().getName()).append(":1").toString());
        }
        eECertificate.getCertInfoStore();
        TrustStore trustStore = constructionParameters.getTrustStore();
        if (trustStore == null) {
            throw new NullPointerException("Truststore mustn't be null");
        }
        int searchCertStores = constructionParameters.searchCertStores();
        Date validationDate = constructionParameters.getValidationDate();
        boolean z = validationDate != null;
        Stack stack = new Stack();
        B b2 = new B();
        b2.add(eECertificate);
        b2.B(eECertificate);
        try {
            X509Certificate certificate = eECertificate.getCertificate(transactionId);
            boolean z2 = !this.C.getChainingMode(certificate).equals(ChainingModes.CHAIN_MODE);
            b2.B(certificate);
            stack.push(b2);
            C c2 = new C();
            Date date = validationDate;
            while (!stack.empty()) {
                B b3 = (B) stack.pop();
                B.debug(transactionId, new StringBuffer("Constructing chain, current size ").append(b3.size()).toString(), null);
                CertInfo certInfo = (CertInfo) b3.get(b3.size() - 1);
                boolean z3 = false;
                X509Certificate x509Certificate = null;
                try {
                    x509Certificate = certInfo.getCertificate(transactionId);
                    TrustStoreResult isCertificateTrusted = trustStore.isCertificateTrusted(x509Certificate, date, transactionId);
                    if (isCertificateTrusted.isCertificateTrusted()) {
                        CertPathImpl certPathImpl = new CertPathImpl(b3);
                        certPathImpl.addAdditionalInfoList(isCertificateTrusted.getAdditionalInfoList());
                        c2.A(certPathImpl);
                        z3 = true;
                        if (!constructionParameters.constructAllChains()) {
                            return c2;
                        }
                    }
                } catch (CertInfoStoreException e) {
                    B.error(transactionId, "Internal error, certificate no longer available", e);
                    z3 = true;
                }
                if (!z3) {
                    if (z) {
                        date = z2 ? validationDate : x509Certificate.getNotBefore();
                    }
                    HashSet hashSet = new HashSet();
                    CertIssuer[] issuers = certInfo.getIssuers(transactionId, searchCertStores, date);
                    for (CertIssuer certIssuer : issuers) {
                        hashSet.add(certIssuer);
                    }
                    if (searchCertStores > 0 && constructionParameters.useAuthorityInfoAccess() && (issuers.length == 0 || searchCertStores == 2)) {
                        for (CertIssuer certIssuer2 : A(certInfo, transactionId)) {
                            if (!hashSet.contains(certIssuer2)) {
                                try {
                                    if (CertUtil.checkIssuer(certIssuer2.getCertificate(transactionId), x509Certificate, certInfo.isSelfIssued(), date, transactionId)) {
                                        certIssuer2.setStatus(2);
                                        hashSet.add(certIssuer2);
                                    }
                                } catch (CertInfoStoreException e2) {
                                    B.error(transactionId, "Internal error, issuer certificate no longer available.", e2);
                                }
                            }
                        }
                    }
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        CertIssuer certIssuer3 = (CertIssuer) it.next();
                        if (!b3.A(certIssuer3) && certIssuer3.getStatus() != -1) {
                            try {
                                X509Certificate certificate2 = certIssuer3.getCertificate(transactionId);
                                B b4 = it.hasNext() ? (B) b3.clone() : b3;
                                b4.add(certIssuer3);
                                b4.B(certIssuer3);
                                b4.B(certificate2);
                                stack.push(b4);
                            } catch (CertInfoStoreException e3) {
                                B.error(transactionId, "Issuer certificate no longer available", e3);
                            }
                        }
                    }
                }
            }
            return c2;
        } catch (CertInfoStoreException e4) {
            B.error(transactionId, "Enduser certificate no longer available", e4);
            throw new PathConstructionException("EE certificate not available anymore", e4, new StringBuffer().append(getClass().getName()).append(":2").toString());
        }
    }

    protected CertInfo A(X509Certificate x509Certificate, CertInfoStore certInfoStore, TransactionId transactionId) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            return certInfoStore.createCertInfo(x509Certificate, true, transactionId);
        } catch (PKIException e) {
            throw new PathConstructionException("Cannot create and add cert info", e, new StringBuffer().append(getClass().getName()).append(":3").toString());
        }
    }

    protected Set A(CertInfo certInfo, TransactionId transactionId) {
        HashSet hashSet = new HashSet();
        B.debug(transactionId, "Using authority info access.", null);
        CertInfoStore certInfoStore = certInfo.getCertInfoStore();
        Set<X509Certificate> A2 = A(transactionId, certInfo);
        if (A2 != null) {
            for (X509Certificate x509Certificate : A2) {
                CertInfo A3 = A(x509Certificate, certInfoStore, transactionId);
                if (A3 != null) {
                    try {
                        if (CertUtil.checkPKIXChainNaming(x509Certificate, certInfo.getCertificate(transactionId))) {
                            hashSet.add(certInfoStore.createCertIssuer(A3, 1, transactionId));
                        }
                    } catch (CertInfoStoreException e) {
                        B.debug(transactionId, new StringBuffer("Error creating cert issuer from certificate retrieved via AIA: ").append(e.getMessage()).toString(), null);
                    } catch (UtilsException e2) {
                        B.debug(transactionId, new StringBuffer("Error checking name chaining for issuer candidate retrieved via AIA: ").append(e2.getMessage()).toString(), null);
                    }
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void A(ValidationConfiguration validationConfiguration, int i, int i2, TransactionId transactionId) {
        if (validationConfiguration == null) {
            throw new NullPointerException("Valdiation configuration must not be null.");
        }
        if (this.C != null) {
            B.error(transactionId, "Path constructor is already configured.", null);
            throw new PathConstructionException("Path constructor is already configured.", null, new StringBuffer().append(getClass().getName()).append(":4").toString());
        }
        B.debug(transactionId, "Path constructor successfully configured.", null);
        this.C = validationConfiguration;
        A.setConnectTimeout(i);
        A.setReadTimeout(i2);
    }

    @Override // iaik.pki.pathconstruction.CertPathConstructor
    public ConstructionResult constructCertPath(ConstructionParameters constructionParameters, TransactionId transactionId) {
        if (constructionParameters == null) {
            throw new NullPointerException("Params must not be null.");
        }
        return A(constructionParameters, transactionId);
    }
}
