package sun.security.provider.certpath;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
import sun.security.x509.PKIXExtensions;

/* JADX WARN: Classes with same name are omitted:
  input_file:efixes/PQ88973_solaris/components/prereq.jdk/update.jar:/java/jre/lib/backup/rt.jar.SUN:sun/security/provider/certpath/SunCertPathBuilder.class
 */
/* loaded from: input_file:efixes/PQ88973_solaris/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/provider/certpath/SunCertPathBuilder.class */
public final class SunCertPathBuilder extends CertPathBuilderSpi {
    private static final Debug debug = Debug.getInstance("certpath");
    private PKIXBuilderParameters buildParams;
    private CertificateFactory cf;
    private boolean pathCompleted = false;
    private X500Principal targetSubjectDN;
    private PolicyNode policyTreeResult;
    private TrustAnchor trustAnchor;
    private PublicKey finalPublicKey;
    private X509CertSelector targetSel;

    public SunCertPathBuilder() throws CertPathBuilderException {
        try {
            this.cf = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new CertPathBuilderException(e);
        }
    }

    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        X509Certificate certificate;
        if (debug != null) {
            debug.println(new StringBuffer().append("SunCertPathBuilder.engineBuild(").append(certPathParameters).append(")").toString());
        }
        if (!(certPathParameters instanceof PKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("inappropriate parameter type, must be an instance of PKIXBuilderParameters");
        }
        boolean z = true;
        if (certPathParameters instanceof SunCertPathBuilderParameters) {
            z = ((SunCertPathBuilderParameters) certPathParameters).getBuildForward();
        }
        if (debug != null) {
            debug.println(new StringBuffer().append("buildForward = ").append(z).toString());
        }
        this.buildParams = (PKIXBuilderParameters) certPathParameters;
        Iterator it = this.buildParams.getTrustAnchors().iterator();
        if (!it.hasNext()) {
            throw new InvalidAlgorithmParameterException("must specify at least one trust anchor");
        }
        while (it.hasNext()) {
            if (((TrustAnchor) it.next()).getNameConstraints() != null) {
                throw new InvalidAlgorithmParameterException("name constraints in trust anchor not supported");
            }
        }
        CertSelector targetCertConstraints = this.buildParams.getTargetCertConstraints();
        if (!(targetCertConstraints instanceof X509CertSelector)) {
            throw new InvalidAlgorithmParameterException("the targetCertConstraints parameter must be an X509CertSelector");
        }
        this.targetSel = (X509CertSelector) targetCertConstraints;
        this.targetSubjectDN = CertPathHelper.getSubject(this.targetSel);
        if (this.targetSubjectDN == null && (certificate = this.targetSel.getCertificate()) != null) {
            this.targetSubjectDN = certificate.getSubjectX500Principal();
        }
        if (this.targetSubjectDN == null) {
            HashSet hashSet = new HashSet();
            Iterator it2 = this.buildParams.getCertStores().iterator();
            while (it2.hasNext()) {
                try {
                    hashSet.addAll(((CertStore) it2.next()).getCertificates(this.targetSel));
                } catch (CertStoreException e) {
                }
                if (hashSet.size() > 1) {
                    throw new InvalidAlgorithmParameterException("targetSubject parameter not set and target constraints do not uniquely identify a certificate");
                    break;
                }
            }
            Iterator it3 = hashSet.iterator();
            if (it3.hasNext()) {
                this.targetSubjectDN = ((X509Certificate) it3.next()).getSubjectX500Principal();
            }
        }
        if (this.targetSubjectDN == null) {
            throw new InvalidAlgorithmParameterException("Could not determine unique target subject");
        }
        this.pathCompleted = false;
        this.trustAnchor = null;
        this.finalPublicKey = null;
        this.policyTreeResult = null;
        LinkedList linkedList = new LinkedList();
        ArrayList arrayList = new ArrayList();
        try {
            if (z) {
                buildForward(arrayList, linkedList);
            } else {
                buildReverse(arrayList, linkedList);
            }
            try {
                if (!this.pathCompleted) {
                    throw new SunCertPathBuilderException("unable to find valid certification path to requested target", new AdjacencyList(arrayList));
                }
                if (debug != null) {
                    debug.println("SunCertPathBuilder.engineBuild() pathCompleted");
                }
                Collections.reverse(linkedList);
                return new SunCertPathBuilderResult(this.cf.generateCertPath(linkedList), this.trustAnchor, this.policyTreeResult, this.finalPublicKey, new AdjacencyList(arrayList));
            } catch (Exception e2) {
                if (debug != null) {
                    debug.println("SunCertPathBuilder.engineBuild() exception in wrap-up");
                    e2.printStackTrace();
                }
                throw new SunCertPathBuilderException("unable to find valid certification path to requested target", e2, new AdjacencyList(arrayList));
            }
        } catch (Exception e3) {
            if (debug != null) {
                debug.println("SunCertPathBuilder.engineBuild() exception in build");
                e3.printStackTrace();
            }
            throw new SunCertPathBuilderException("unable to find valid certification path to requested target", e3, new AdjacencyList(arrayList));
        }
    }

    private boolean anchorIsTarget(TrustAnchor trustAnchor, X509CertSelector x509CertSelector) {
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        if (trustedCert != null) {
            return x509CertSelector.match(trustedCert);
        }
        return false;
    }

    private void buildForward(List list, LinkedList linkedList) throws GeneralSecurityException, IOException {
        if (debug != null) {
            debug.println("SunCertPathBuilder.buildForward()...");
        }
        ForwardState forwardState = new ForwardState();
        forwardState.initState(this.buildParams.getCertPathCheckers());
        list.clear();
        list.add(new LinkedList());
        forwardState.crlChecker = new CrlRevocationChecker(null, this.buildParams.getCertStores(), this.buildParams.getSigProvider(), this.buildParams.getDate());
        depthFirstSearchForward(this.targetSubjectDN, forwardState, new ForwardBuilder(this.buildParams, this.targetSubjectDN), list, linkedList);
        if (debug != null) {
            debug.println("SunCertPathBuilder.buildForward() returned from depthFirstSearchForward()");
        }
    }

    private void buildReverse(List list, LinkedList linkedList) throws Exception {
        if (debug != null) {
            debug.println("SunCertPathBuilder.buildReverse()...");
            debug.println(new StringBuffer().append("SunCertPathBuilder.buildReverse() InitialPolicies: ").append(this.buildParams.getInitialPolicies()).toString());
        }
        ReverseState reverseState = new ReverseState();
        list.clear();
        list.add(new LinkedList());
        Iterator it = this.buildParams.getTrustAnchors().iterator();
        do {
            if (it.hasNext()) {
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                if (anchorIsTarget(trustAnchor, this.targetSel)) {
                    this.trustAnchor = trustAnchor;
                    this.pathCompleted = true;
                    this.finalPublicKey = trustAnchor.getTrustedCert().getPublicKey();
                } else {
                    reverseState.initState(this.buildParams.getMaxPathLength(), this.buildParams.isExplicitPolicyRequired(), this.buildParams.isPolicyMappingInhibited(), this.buildParams.isAnyPolicyInhibited(), this.buildParams.getCertPathCheckers());
                    reverseState.updateState(trustAnchor);
                    reverseState.crlChecker = new CrlRevocationChecker(null, this.buildParams.getCertStores(), this.buildParams.getSigProvider(), this.buildParams.getDate());
                    try {
                        depthFirstSearchReverse(null, reverseState, new ReverseBuilder(this.buildParams, this.targetSubjectDN), list, linkedList);
                    } catch (Exception e) {
                    }
                }
            }
            if (debug != null) {
                debug.println("SunCertPathBuilder.buildReverse() returned from depthFirstSearchReverse()");
                debug.println(new StringBuffer().append("SunCertPathBuilder.buildReverse() certPathList.size: ").append(linkedList.size()).toString());
                return;
            }
            return;
        } while (it.hasNext());
        throw e;
    }

    private LinkedList addVertices(Collection collection, List list) {
        LinkedList linkedList = (LinkedList) list.get(list.size() - 1);
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            linkedList.add(new Vertex((X509Certificate) it.next()));
        }
        return linkedList;
    }

    void depthFirstSearchForward(X500Principal x500Principal, ForwardState forwardState, ForwardBuilder forwardBuilder, List list, LinkedList linkedList) throws GeneralSecurityException, IOException {
        Set supportedExtensions;
        if (debug != null) {
            debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchForward(").append(x500Principal).append(", ").append(forwardState.toString()).append(")").toString());
        }
        LinkedList addVertices = addVertices(forwardBuilder.getMatchingCerts(forwardState), list);
        if (debug != null) {
            debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchForward(): certs.size=").append(addVertices.size()).toString());
        }
        ListIterator listIterator = addVertices.listIterator();
        while (listIterator.hasNext()) {
            ForwardState forwardState2 = (ForwardState) forwardState.clone();
            Vertex vertex = (Vertex) listIterator.next();
            X509Certificate x509Certificate = (X509Certificate) vertex.getCertificate();
            try {
                forwardBuilder.verifyCert(x509Certificate, forwardState2, linkedList);
                if (forwardBuilder.isPathCompleted(x509Certificate)) {
                    BasicChecker basicChecker = null;
                    if (debug != null) {
                        debug.println("SunCertPathBuilder.depthFirstSearchForward(): commencing final verification");
                    }
                    ArrayList arrayList = new ArrayList(linkedList);
                    if (forwardBuilder.trustAnchor.getTrustedCert() == null) {
                        arrayList.add(0, x509Certificate);
                    }
                    HashSet hashSet = new HashSet(1);
                    hashSet.add("2.5.29.32.0");
                    PolicyChecker policyChecker = new PolicyChecker(this.buildParams.getInitialPolicies(), arrayList.size(), this.buildParams.isExplicitPolicyRequired(), this.buildParams.isPolicyMappingInhibited(), this.buildParams.isAnyPolicyInhibited(), this.buildParams.getPolicyQualifiersRejected(), new PolicyNodeImpl(null, "2.5.29.32.0", null, false, hashSet, false));
                    ArrayList arrayList2 = new ArrayList(this.buildParams.getCertPathCheckers());
                    arrayList2.add(0, policyChecker);
                    int i = 0 + 1;
                    if (forwardState2.keyParamsNeeded()) {
                        PublicKey publicKey = x509Certificate.getPublicKey();
                        if (forwardBuilder.trustAnchor.getTrustedCert() == null) {
                            publicKey = forwardBuilder.trustAnchor.getCAPublicKey();
                            if (debug != null) {
                                debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchForward using buildParams public key: ").append(publicKey.toString()).toString());
                            }
                        }
                        basicChecker = new BasicChecker(publicKey, x509Certificate.getSubjectX500Principal(), this.buildParams.getDate(), this.buildParams.getSigProvider(), true);
                        arrayList2.add(i, basicChecker);
                        i++;
                        if (this.buildParams.isRevocationEnabled()) {
                            arrayList2.add(i, new CrlRevocationChecker(publicKey, this.buildParams.getCertStores(), this.buildParams.getSigProvider(), this.buildParams.getDate()));
                            i++;
                        }
                    }
                    for (int i2 = 0; i2 < arrayList.size(); i2++) {
                        X509Certificate x509Certificate2 = (X509Certificate) arrayList.get(i2);
                        if (debug != null) {
                            debug.println(new StringBuffer().append("current subject = ").append(x509Certificate2.getSubjectX500Principal()).toString());
                        }
                        Set criticalExtensionOIDs = x509Certificate2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs == null) {
                            criticalExtensionOIDs = Collections.EMPTY_SET;
                        }
                        for (int i3 = 0; i3 < arrayList2.size(); i3++) {
                            PKIXCertPathChecker pKIXCertPathChecker = (PKIXCertPathChecker) arrayList2.get(i3);
                            if (i3 < i || !pKIXCertPathChecker.isForwardCheckingSupported()) {
                                if (i2 == 0) {
                                    pKIXCertPathChecker.init(false);
                                }
                                try {
                                    pKIXCertPathChecker.check(x509Certificate2, criticalExtensionOIDs);
                                } catch (CertPathValidatorException e) {
                                    if (debug != null) {
                                        debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchForward(): final verification failed: ").append(e).toString());
                                    }
                                    vertex.setThrowable(e);
                                }
                            }
                        }
                        for (PKIXCertPathChecker pKIXCertPathChecker2 : this.buildParams.getCertPathCheckers()) {
                            if (pKIXCertPathChecker2.isForwardCheckingSupported() && (supportedExtensions = pKIXCertPathChecker2.getSupportedExtensions()) != null) {
                                Iterator it = supportedExtensions.iterator();
                                while (it.hasNext()) {
                                    criticalExtensionOIDs.remove(it.next());
                                }
                            }
                        }
                        if (!criticalExtensionOIDs.isEmpty()) {
                            criticalExtensionOIDs.remove(PKIXExtensions.BasicConstraints_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.NameConstraints_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.CertificatePolicies_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.PolicyMappings_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.PolicyConstraints_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.InhibitAnyPolicy_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.SubjectAlternativeName_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.KeyUsage_Id.toString());
                            criticalExtensionOIDs.remove(PKIXExtensions.ExtendedKeyUsage_Id.toString());
                            if (!criticalExtensionOIDs.isEmpty()) {
                                throw new CertPathValidatorException("unrecognized critical extension(s)");
                            }
                        }
                    }
                    if (debug != null) {
                        debug.println("SunCertPathBuilder.depthFirstSearchForward(): final verification succeeded - path completed!");
                    }
                    this.pathCompleted = true;
                    if (forwardBuilder.trustAnchor.getTrustedCert() == null) {
                        forwardBuilder.addCertToPath(x509Certificate, linkedList);
                    }
                    this.trustAnchor = forwardBuilder.trustAnchor;
                    if (basicChecker != null) {
                        this.finalPublicKey = basicChecker.getPublicKey();
                    } else {
                        this.finalPublicKey = x509Certificate.getPublicKey();
                    }
                    this.policyTreeResult = policyChecker.getPolicyTree();
                    return;
                }
                forwardBuilder.addCertToPath(x509Certificate, linkedList);
                forwardState2.updateState(x509Certificate);
                list.add(new LinkedList());
                vertex.setIndex(list.size() - 1);
                depthFirstSearchForward(x509Certificate.getIssuerX500Principal(), forwardState2, forwardBuilder, list, linkedList);
                if (this.pathCompleted) {
                    return;
                }
                if (debug != null) {
                    debug.println("SunCertPathBuilder.depthFirstSearchForward(): backtracking");
                }
                forwardBuilder.removeFinalCertFromPath(linkedList);
            } catch (GeneralSecurityException e2) {
                if (debug != null) {
                    debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchForward(): validation failed: ").append(e2).toString());
                }
                vertex.setThrowable(e2);
            }
        }
    }

    void depthFirstSearchReverse(X500Principal x500Principal, ReverseState reverseState, ReverseBuilder reverseBuilder, List list, LinkedList linkedList) throws GeneralSecurityException, IOException {
        if (debug != null) {
            debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchReverse(").append(x500Principal).append(", ").append(reverseState.toString()).append(")").toString());
        }
        LinkedList addVertices = addVertices(reverseBuilder.getMatchingCerts(reverseState), list);
        if (debug != null) {
            debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchReverse(): certs.size=").append(addVertices.size()).toString());
        }
        ListIterator listIterator = addVertices.listIterator();
        while (listIterator.hasNext()) {
            ReverseState reverseState2 = (ReverseState) reverseState.clone();
            Vertex vertex = (Vertex) listIterator.next();
            X509Certificate x509Certificate = (X509Certificate) vertex.getCertificate();
            try {
                reverseBuilder.verifyCert(x509Certificate, reverseState2, linkedList);
                if (!reverseState.isInitial()) {
                    reverseBuilder.addCertToPath(x509Certificate, linkedList);
                }
                this.trustAnchor = reverseState.trustAnchor;
            } catch (GeneralSecurityException e) {
                if (debug != null) {
                    debug.println(new StringBuffer().append("SunCertPathBuilder.depthFirstSearchReverse(): validation failed: ").append(e).toString());
                }
                vertex.setThrowable(e);
            }
            if (reverseBuilder.isPathCompleted(x509Certificate)) {
                if (debug != null) {
                    debug.println("SunCertPathBuilder.depthFirstSearchReverse(): path completed!");
                }
                this.pathCompleted = true;
                PolicyNodeImpl policyNodeImpl = reverseState2.rootNode;
                if (policyNodeImpl == null) {
                    this.policyTreeResult = null;
                } else {
                    this.policyTreeResult = policyNodeImpl.copyTree();
                    ((PolicyNodeImpl) this.policyTreeResult).setImmutable();
                }
                this.finalPublicKey = x509Certificate.getPublicKey();
                if ((this.finalPublicKey instanceof DSAPublicKey) && ((DSAPublicKey) this.finalPublicKey).getParams() == null) {
                    this.finalPublicKey = BasicChecker.makeInheritedParamsKey(this.finalPublicKey, reverseState.pubKey);
                    return;
                }
                return;
            }
            reverseState2.updateState(x509Certificate);
            list.add(new LinkedList());
            vertex.setIndex(list.size() - 1);
            depthFirstSearchReverse(x509Certificate.getSubjectX500Principal(), reverseState2, reverseBuilder, list, linkedList);
            if (this.pathCompleted) {
                return;
            }
            if (debug != null) {
                debug.println("SunCertPathBuilder.depthFirstSearchReverse(): backtracking");
            }
            if (!reverseState.isInitial()) {
                reverseBuilder.removeFinalCertFromPath(linkedList);
            }
        }
        if (debug != null) {
            debug.println("SunCertPathBuilder.depthFirstSearchReverse() all certs in this adjacency list checked");
        }
    }
}
