package com.ibm.security.cert;

import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.CertSelector;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:efixes/PK42528_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/endorsed/ibmcertpathprovider.jar:com/ibm/security/cert/PKIXCertPathValidatorImpl.class */
public class PKIXCertPathValidatorImpl extends CertPathValidatorSpi {
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        PKIXCertPathValidatorResult pKIXCertPathValidatorResult = null;
        List certificates = certPath.getCertificates();
        int size = certificates.size();
        if (!certPath.getType().equals("X.509") && !certPath.getType().equals("X509")) {
            throw new InvalidAlgorithmParameterException("inappropriate certification path type specified, must be X.509 or X509");
        }
        if (!(certPathParameters instanceof PKIXParameters)) {
            throw new InvalidAlgorithmParameterException(new StringBuffer().append("Parameter type unsupported - ").append(certPathParameters.getClass().getName()).toString());
        }
        PKIXParameters pKIXParameters = (PKIXParameters) certPathParameters;
        HashSet hashSet = new HashSet(pKIXParameters.getInitialPolicies());
        if (hashSet.isEmpty()) {
            hashSet.add("2.5.29.32.0");
        }
        Set trustAnchors = pKIXParameters.getTrustAnchors();
        CertSelector targetCertConstraints = pKIXParameters.getTargetCertConstraints();
        boolean isRevocationEnabled = pKIXParameters.isRevocationEnabled();
        int i = pKIXParameters.isPolicyMappingInhibited() ? 0 : size + 1;
        int i2 = pKIXParameters.isAnyPolicyInhibited() ? 0 : size + 1;
        int i3 = pKIXParameters.isExplicitPolicyRequired() ? 0 : size + 1;
        Date date = pKIXParameters.getDate();
        if (date == null) {
            date = new Date();
        }
        List certStores = pKIXParameters.getCertStores();
        List certPathCheckers = pKIXParameters.getCertPathCheckers();
        pKIXParameters.getPolicyQualifiersRejected();
        String sigProvider = pKIXParameters.getSigProvider();
        if (targetCertConstraints != null && certificates.size() > 0 && !targetCertConstraints.match((X509Certificate) certificates.get(0))) {
            throw new CertPathValidatorException("Certain certificate select criteria don't match", null, certPath, size);
        }
        BasicChecker basicChecker = new BasicChecker(certPath, trustAnchors, date, sigProvider);
        CRSChecker cRSChecker = isRevocationEnabled ? new CRSChecker(certPath, certStores, true, false, trustAnchors, date, true, sigProvider) : null;
        PolicyChecker policyChecker = new PolicyChecker(certPath, pKIXParameters.getPolicyQualifiersRejected(), hashSet, i3, i, i2);
        NameChecker nameChecker = new NameChecker(certPath, sigProvider);
        basicChecker.init(false);
        if (isRevocationEnabled) {
            cRSChecker.init(false);
        }
        policyChecker.init(false);
        nameChecker.init(false);
        initCheckers(certPathCheckers);
        if (size == 0) {
            TrustAnchor trustAnchor = (TrustAnchor) trustAnchors.iterator().next();
            PublicKey cAPublicKey = trustAnchor.getCAPublicKey();
            if (cAPublicKey == null) {
                cAPublicKey = trustAnchor.getTrustedCert().getPublicKey();
            }
            return new PKIXCertPathValidatorResult(trustAnchor, policyChecker.getPolicyTree().getRoot(), cAPublicKey);
        }
        for (int i4 = size - 1; i4 >= 0; i4--) {
            X509Certificate x509Certificate = (X509Certificate) certificates.get(i4);
            Set criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs == null) {
                criticalExtensionOIDs = new HashSet();
            }
            basicChecker.check(x509Certificate, criticalExtensionOIDs);
            if (isRevocationEnabled) {
                cRSChecker.check(x509Certificate, criticalExtensionOIDs);
            }
            policyChecker.check(x509Certificate, criticalExtensionOIDs);
            nameChecker.check(x509Certificate, criticalExtensionOIDs);
            moreChecks(x509Certificate, certPathCheckers, criticalExtensionOIDs);
            if (!criticalExtensionOIDs.isEmpty()) {
                StringBuffer stringBuffer = new StringBuffer();
                Iterator it = criticalExtensionOIDs.iterator();
                while (it.hasNext()) {
                    stringBuffer.append((String) it.next());
                }
                throw new CertPathValidatorException(new StringBuffer().append(" The following critical extensions were not processed: ").append((Object) stringBuffer).toString(), null, certPath, i4);
            }
            if (i4 == 0) {
                PublicKey publicKey = x509Certificate.getPublicKey();
                TrustAnchor trustAnchor2 = basicChecker.getTrustAnchor();
                PolicyTree policyTree = policyChecker.getPolicyTree();
                pKIXCertPathValidatorResult = new PKIXCertPathValidatorResult(trustAnchor2, policyTree.isValid() ? policyTree.getRoot() : null, publicKey);
            }
        }
        return pKIXCertPathValidatorResult;
    }

    static void initCheckers(Collection collection) throws CertPathValidatorException {
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            ((PKIXCertPathChecker) it.next()).init(false);
        }
    }

    static void moreChecks(X509Certificate x509Certificate, List list, Collection collection) throws CertPathValidatorException {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            ((PKIXCertPathChecker) it.next()).check(x509Certificate, collection);
        }
    }
}
