package com.rsa.cryptoj.f;

import com.rsa.cryptoj.f.C0206hp;
import com.rsa.cryptoj.f.C0658un;
import com.rsa.jcp.X509V1ValidatorParameters;
import com.rsa.jcp.X509V1ValidatorResult;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/nY.class */
public class nY extends fF {
    private static final String h = "Validity check failed: ";
    private X509V1ValidatorParameters i;
    private List j;
    private nA k;

    /* JADX INFO: Access modifiers changed from: package-private */
    public nY(C0160fx c0160fx) {
        super(c0160fx);
        this.k = new nA();
    }

    @Override // com.rsa.cryptoj.f.fF
    public CertPathValidatorResult a(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        if (!certPath.getType().equals("X.509")) {
            throw new CertPathValidatorException("Cert path must be a X.509 cert path");
        }
        if (!(certPathParameters instanceof X509V1ValidatorParameters)) {
            throw new InvalidAlgorithmParameterException("Parameters must be X509V1ValidatorParameters");
        }
        this.i = (X509V1ValidatorParameters) certPathParameters;
        this.e = this.i.getDate();
        if (this.e == null) {
            this.e = new Date();
        }
        this.j = certPath.getCertificates();
        this.d = this.j.size();
        Set<TrustAnchor> trustAnchors = this.d == 0 ? this.i.getTrustAnchors() : vZ.a((X509Certificate) this.j.get(this.j.size() - 1), this.i.getTrustAnchors());
        if (nA.a()) {
            this.k.a("getting the set of trust anchors and attempting to validate the path");
            this.k.a("Number of trust anchors: " + trustAnchors.size());
        }
        for (TrustAnchor trustAnchor : trustAnchors) {
            if (nA.a()) {
                this.k.a("Validating path for trust anchor: " + trustAnchor);
            }
            PublicKey a = a(trustAnchor, certPath);
            if (a != null) {
                if (nA.a()) {
                    this.k.a("Validation passed for trust anchor");
                    this.k.a("_______________________________________________");
                }
                return new X509V1ValidatorResult(trustAnchor, a);
            }
        }
        if (this.f == null) {
            this.f = "Could not validate path.";
        }
        throw new CertPathValidatorException(this.f);
    }

    private PublicKey a(TrustAnchor trustAnchor, CertPath certPath) throws InvalidAlgorithmParameterException, CertPathValidatorException {
        X500Principal ca;
        PublicKey cAPublicKey;
        if (trustAnchor.getTrustedCert() != null) {
            ca = trustAnchor.getTrustedCert().getSubjectX500Principal();
            cAPublicKey = trustAnchor.getTrustedCert().getPublicKey();
        } else {
            ca = trustAnchor.getCA();
            cAPublicKey = trustAnchor.getCAPublicKey();
        }
        C0658un c0658un = new C0658un(this.i, certPath, trustAnchor);
        if (nA.a()) {
            this.k.a("reversing entries in the cert path");
        }
        if (nA.a()) {
            this.k.a("basic certificate processing");
        }
        for (int i = this.d - 1; i >= 0; i--) {
            X509Certificate x509Certificate = (X509Certificate) this.j.get(i);
            if (nA.a()) {
                this.k.a("-----------------------------------------------");
                this.k.a("verifying current certificate, SubjectX500Principal: " + x509Certificate.getSubjectX500Principal());
            }
            if ("1.2.840.113549.1.1.2".equalsIgnoreCase(x509Certificate.getSigAlgOID())) {
                throw new CertPathValidatorException("MD2 signature only allowed for a Trust Anchor");
            }
            try {
                if (nA.a()) {
                    this.k.a("verifying public key");
                }
                x509Certificate.verify(cAPublicKey);
                if (nA.a()) {
                    this.k.a("public key verified");
                }
                try {
                    if (nA.a()) {
                        this.k.a("checking validity, current time " + this.e);
                    }
                    x509Certificate.checkValidity(this.e);
                    if (nA.a()) {
                        this.k.a("time verified");
                    }
                    if (nA.a()) {
                        this.k.a("checking name chaining");
                    }
                    if (!x509Certificate.getIssuerX500Principal().equals(ca)) {
                        this.f = "Name chaining failed";
                        return null;
                    }
                    if (nA.a()) {
                        this.k.a("name chaining verified");
                    }
                    if (this.i.isRevocationEnabled()) {
                        if (nA.a()) {
                            this.k.a("checking revocation status");
                        }
                        C0658un.a a = c0658un.a(x509Certificate, cAPublicKey);
                        if (!a.a) {
                            this.f = a.b;
                            return null;
                        }
                        if (nA.a()) {
                            this.k.a("revocation status verified");
                        }
                    }
                    if (nA.a()) {
                        this.k.a("Preparing for next certificate..");
                    }
                    try {
                        cAPublicKey = a(x509Certificate.getPublicKey(), cAPublicKey);
                    } catch (GeneralSecurityException e) {
                        try {
                            if (!(x509Certificate instanceof C0206hp)) {
                                throw e;
                            }
                            cAPublicKey = a(C0206hp.a.a((C0206hp) x509Certificate), cAPublicKey);
                        } catch (GeneralSecurityException e2) {
                            this.f = "Error constructing public key with inherited parameters";
                            return null;
                        }
                    }
                    ca = x509Certificate.getSubjectX500Principal();
                } catch (GeneralSecurityException e3) {
                    this.f = h + e3.getMessage();
                    return null;
                }
            } catch (GeneralSecurityException e4) {
                this.f = e4.getMessage();
                return null;
            }
        }
        return cAPublicKey;
    }
}
