package org.bouncycastle.jce.provider;

import com.herry.crypto.Constants;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.bouncycastle.asn1.x509.X509Name;

/* loaded from: input_file:org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.class */
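/**
 * PKIX certification path builder.
 *
 * <p>For every certificate in the configured {@link CertStore}s that matches the target
 * constraints, the builder walks upwards issuer by issuer (issuers are looked up in the same
 * stores by subject name and accepted once their public key verifies the child's signature)
 * until a certificate is reached whose issuer matches one of the trust anchors. The collected
 * chain is then handed to the "PKIX" {@link CertPathValidator} of the provider named by
 * {@code Constants.PROVIDER_ID}; only a chain that passes that validation is returned.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The name/signature matching done here is only chain <em>discovery</em>. Everything else
 *       (validity period, constraints, policy, revocation) is left to the validator call in
 *       {@link #engineBuild}; do not reuse {@link #findTrustAnchor} as a trust decision.</li>
 *   <li>Certificates in the stores may come from an untrusted party (presumably peers can
 *       contribute to them; confirm against the callers). A self-signed certificate that is not
 *       a trust anchor, or two cross-signed certificates, would make the issuer walk revisit the
 *       same certificate forever, so the walk stops as soon as an issuer is already part of the
 *       chain being built.</li>
 *   <li>{@code PKIXBuilderParameters.getMaxPathLength()} is not consulted by this class.</li>
 * </ul>
 */
public class PKIXCertPathBuilderSpi extends CertPathBuilderSpi {
    /**
     * Builds and validates a certification path for the given parameters.
     *
     * @param certPathParameters must be a {@link PKIXBuilderParameters} with non-null target
     *     certificate constraints
     * @return a {@link PKIXCertPathBuilderResult} for the first candidate chain that validates
     * @throws InvalidAlgorithmParameterException if the parameters are not
     *     {@link PKIXBuilderParameters}
     * @throws CertPathBuilderException if no chain could be found or validated; every failure
     *     raised inside the build (including the specific {@code CertPathBuilderException}s
     *     below) is wrapped once more by the final catch, so the specific reason is the cause
     */
    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        if (!(certPathParameters instanceof PKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("params must be a PKIXBuilderParameters instance");
        }
        PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) certPathParameters;
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        CertPath certPath = null;
        CertPathValidatorException lastFailure = null;
        try {
            CertSelector targetCertConstraints = pKIXBuilderParameters.getTargetCertConstraints();
            if (targetCertConstraints == null) {
                throw new CertPathBuilderException("targetCertConstraints must be non-null for CertPath building");
            }
            Collection<Certificate> targets = findCertificates(targetCertConstraints, pKIXBuilderParameters.getCertStores());
            if (targets.isEmpty()) {
                // Message text (including its spelling) is kept byte-for-byte.
                throw new CertPathBuilderException("no certificate found matching targetCertContraints");
            }
            for (Certificate target : targets) {
                // A non-X.509 target raises ClassCastException here, which the outer catch wraps.
                X509Certificate current = (X509Certificate) target;
                chain.clear();
                while (current != null) {
                    chain.add(current);
                    if (findTrustAnchor(current, pKIXBuilderParameters.getTrustAnchors()) != null) {
                        try {
                            certPath = CertificateFactory.getInstance("X.509", Constants.PROVIDER_ID).generateCertPath(chain);
                            // The real trust decision: full PKIX validation of the discovered chain.
                            PKIXCertPathValidatorResult validation = (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX", Constants.PROVIDER_ID).validate(certPath, pKIXBuilderParameters);
                            return new PKIXCertPathBuilderResult(certPath, validation.getTrustAnchor(), validation.getPolicyTree(), validation.getPublicKey());
                        } catch (CertPathValidatorException e) {
                            // Remember why this chain failed and move on to the next target.
                            lastFailure = e;
                            current = null;
                        }
                    } else {
                        try {
                            X509Certificate issuer = findIssuer(current, pKIXBuilderParameters.getCertStores());
                            if (issuer != null && chain.contains(issuer)) {
                                // Loop guard: a self-signed non-anchor certificate or a pair of
                                // cross-signed certificates would otherwise be appended without
                                // end, growing the chain until memory is exhausted.
                                issuer = null;
                            }
                            current = issuer;
                        } catch (CertPathValidatorException e2) {
                            lastFailure = e2;
                            current = null;
                        }
                    }
                }
            }
            if (certPath != null) {
                // Message text (including its spelling) is kept byte-for-byte.
                throw new CertPathBuilderException("found certifiacte chain, but could not be validated", lastFailure);
            }
            throw new CertPathBuilderException("unable to find certificate chain");
        } catch (Exception e3) {
            // Catches everything, including the CertPathBuilderExceptions thrown just above and a
            // CertPathValidatorException escaping findTrustAnchor; callers see this generic
            // message with the specific failure as its cause.
            throw new CertPathBuilderException("Exception thrown while doing CertPath building\n", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Looks for a trust anchor that issued the given certificate.
     *
     * <p>An anchor is a candidate when its trusted certificate matches the certificate's issuer
     * DN, or, for anchors given as CA name plus public key, when the normalised names compare
     * equal as {@link X509Name}s. A candidate is accepted only if its public key verifies the
     * certificate's signature. Nothing else about the anchor is checked here.
     *
     * @param x509Certificate the certificate whose issuer is sought
     * @param set the trust anchors to search; elements are cast to {@link TrustAnchor}
     * @return the first accepted anchor, or {@code null} if no anchor matches by name or the
     *     issuer DN could not be set on the selector (the {@link IOException} is printed)
     * @throws CertPathValidatorException if no anchor was accepted and at least one
     *     name-matching anchor failed signature verification
     */
    public static final TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        Iterator<?> it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception exc = null;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerDN().getName());
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                // Scoped to one candidate so that a key rejected for an earlier anchor is never
                // carried over and re-verified when a later anchor does not match by name.
                PublicKey publicKey = null;
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    } else {
                        trustAnchor = null;
                    }
                } else if (trustAnchor.getCAName() == null || trustAnchor.getCAPublicKey() == null) {
                    trustAnchor = null;
                } else {
                    try {
                        if (new X509Name(trimX509Name(x509Certificate.getIssuerDN().getName())).equals(new X509Name(trimX509Name(trustAnchor.getCAName())))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        } else {
                            trustAnchor = null;
                        }
                    } catch (IllegalArgumentException e) {
                        // A name that X509Name rejects simply does not match.
                        trustAnchor = null;
                    }
                }
                if (publicKey != null) {
                    try {
                        x509Certificate.verify(publicKey);
                    } catch (Exception e2) {
                        // Name matched but the signature did not verify: keep looking.
                        exc = e2;
                        trustAnchor = null;
                    }
                }
            }
            if (trustAnchor != null || exc == null) {
                return trustAnchor;
            }
            // Message text (including its spelling) is kept byte-for-byte.
            throw new CertPathValidatorException("TrustAnchor found put certificate validation failed", exc, null, -1);
        } catch (IOException e3) {
            // Best effort: an issuer DN the selector cannot parse is reported as "no anchor".
            e3.printStackTrace();
            return null;
        }
    }

    /**
     * Collects the certificates matching the selector from every store in the list.
     *
     * <p>A store that throws {@link CertStoreException} is skipped after printing the stack
     * trace, so the result may be incomplete without the caller being told.
     *
     * @param certSelector selector passed to each store
     * @param list the stores to query
     * @return the union of all matches (duplicates removed), possibly empty
     */
    private static final Collection<Certificate> findCertificates(CertSelector certSelector, List<CertStore> list) {
        Set<Certificate> matches = new HashSet<Certificate>();
        for (CertStore store : list) {
            try {
                matches.addAll(store.getCertificates(certSelector));
            } catch (CertStoreException e) {
                e.printStackTrace();
            }
        }
        return matches;
    }

    /**
     * Looks in the stores for a certificate that issued the given one.
     *
     * <p>Candidates are selected by subject equal to the certificate's issuer DN and accepted
     * when their public key verifies the certificate's signature. A self-signed certificate
     * present in the stores is therefore returned as its own issuer; the caller has to guard
     * against revisiting certificates.
     *
     * @param x509Certificate the certificate whose issuer is sought
     * @param list the stores to search
     * @return the first accepted issuer, or {@code null} if there is no candidate or the issuer
     *     DN could not be set on the selector (the {@link IOException} is printed)
     * @throws CertPathValidatorException if no candidate was accepted and at least one failed
     *     signature verification
     */
    private static final X509Certificate findIssuer(X509Certificate x509Certificate, List<CertStore> list) throws CertPathValidatorException {
        Exception exc = null;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerDN().getName());
            Iterator<Certificate> it = findCertificates(x509CertSelector, list).iterator();
            X509Certificate issuer = null;
            while (it.hasNext() && issuer == null) {
                issuer = (X509Certificate) it.next();
                try {
                    x509Certificate.verify(issuer.getPublicKey());
                } catch (Exception e) {
                    // Subject matched but the signature did not verify: try the next candidate.
                    exc = e;
                    issuer = null;
                }
            }
            if (issuer != null || exc == null) {
                return issuer;
            }
            throw new CertPathValidatorException("issuer found but certificate validation failed", exc, null, -1);
        } catch (IOException e2) {
            // Best effort: an issuer DN the selector cannot parse is reported as "no issuer".
            e2.printStackTrace();
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Normalises a distinguished-name string before it is parsed for comparison: trims it,
     * upper-cases it, collapses runs of spaces to a single space and removes spaces directly
     * before and after {@code '='}.
     *
     * <p>Upper-casing uses {@link Locale#ROOT}. With the default locale the result depends on
     * the JVM's locale (for example {@code 'i'} becomes a dotted capital under a Turkish
     * locale), which can turn an attribute keyword into one the name parser rejects and make a
     * legitimate trust anchor fail to match.
     *
     * @param str the name to normalise; must not be {@code null}
     * @return the normalised name
     */
    public static String trimX509Name(String str) {
        String name = str.trim().toUpperCase(Locale.ROOT);
        int idx;
        // Drop one space of every double space until none is left.
        while ((idx = name.indexOf("  ")) >= 0) {
            name = name.substring(0, idx) + name.substring(idx + 1);
        }
        // Drop the space in front of '='.
        while ((idx = name.indexOf(" =")) >= 0) {
            name = name.substring(0, idx) + name.substring(idx + 1);
        }
        // Drop the space behind '='.
        while ((idx = name.indexOf("= ")) >= 0) {
            name = name.substring(0, idx + 1) + name.substring(idx + 2);
        }
        return name;
    }
}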
