package com.ibm.security.cert;

import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.Timestamp;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/ibm/security/cert/PKIX.class */
public class PKIX {
    private static final Debug debug = Debug.getInstance("certpath");

    /* loaded from: input_file:com/ibm/security/cert/PKIX$BuilderParams.class */
    static class BuilderParams extends ValidatorParams {
        private PKIXBuilderParameters params;
        private List<CertStore> stores;
        private X500Principal targetSubject;

        BuilderParams(PKIXBuilderParameters pKIXBuilderParameters) throws InvalidAlgorithmParameterException {
            super(pKIXBuilderParameters);
            checkParams(pKIXBuilderParameters);
        }

        private void checkParams(PKIXBuilderParameters pKIXBuilderParameters) throws InvalidAlgorithmParameterException {
            if (!(targetCertConstraints() instanceof X509CertSelector)) {
                throw new InvalidAlgorithmParameterException("the targetCertConstraints parameter must be an X509CertSelector");
            }
            this.params = pKIXBuilderParameters;
            this.targetSubject = getTargetSubject(certStores(), (X509CertSelector) targetCertConstraints());
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // com.ibm.security.cert.PKIX.ValidatorParams
        public List<CertStore> certStores() {
            if (this.stores == null) {
                this.stores = new ArrayList(this.params.getCertStores());
                Collections.sort(this.stores, new CertStoreComparator());
            }
            return this.stores;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int maxPathLength() {
            return this.params.getMaxPathLength();
        }

        PKIXBuilderParameters params() {
            return this.params;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public X500Principal targetSubject() {
            return this.targetSubject;
        }

        private static X500Principal getTargetSubject(List<CertStore> list, X509CertSelector x509CertSelector) throws InvalidAlgorithmParameterException {
            Collection<? extends Certificate> certificates;
            X500Principal subject = x509CertSelector.getSubject();
            if (subject != null) {
                return subject;
            }
            X509Certificate certificate = x509CertSelector.getCertificate();
            if (certificate != null) {
                subject = certificate.getSubjectX500Principal();
            }
            if (subject != null) {
                return subject;
            }
            Iterator<CertStore> it = list.iterator();
            while (it.hasNext()) {
                try {
                    certificates = it.next().getCertificates(x509CertSelector);
                } catch (CertStoreException e) {
                    if (PKIX.debug != null) {
                        PKIX.debug.println("BuilderParams.getTargetSubjectDN: non-fatal exception retrieving certs: " + e);
                        e.printStackTrace();
                    }
                }
                if (!certificates.isEmpty()) {
                    return ((X509Certificate) certificates.iterator().next()).getSubjectX500Principal();
                }
                continue;
            }
            throw new InvalidAlgorithmParameterException("Could not determine unique target subject");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/security/cert/PKIX$CertStoreComparator.class */
    public static class CertStoreComparator implements Comparator<CertStore> {
        private CertStoreComparator() {
        }

        @Override // java.util.Comparator
        public int compare(CertStore certStore, CertStore certStore2) {
            return (certStore.getType().equals("Collection") || (certStore.getCertStoreParameters() instanceof CollectionCertStoreParameters)) ? -1 : 1;
        }
    }

    /* loaded from: input_file:com/ibm/security/cert/PKIX$CertStoreTypeException.class */
    static class CertStoreTypeException extends CertStoreException {
        private static final long serialVersionUID = 7463352639238322556L;
        private final String type;

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertStoreTypeException(String str, CertStoreException certStoreException) {
            super(certStoreException.getMessage(), certStoreException.getCause());
            this.type = str;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String getType() {
            return this.type;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/security/cert/PKIX$ValidatorParams.class */
    public static class ValidatorParams {
        private final PKIXParameters params;
        private CertPath certPath;
        private List<PKIXCertPathChecker> checkers;
        private List<CertStore> stores;
        private boolean gotDate;
        private Date date;
        private Set<String> policies;
        private boolean gotConstraints;
        private CertSelector constraints;
        private Set<TrustAnchor> anchors;
        private List<X509Certificate> certs;
        private Timestamp timestamp;
        private Date timestampDate;
        private String variant;

        ValidatorParams(CertPath certPath, PKIXParameters pKIXParameters) throws InvalidAlgorithmParameterException {
            this(pKIXParameters);
            if (!certPath.getType().equals("X.509") && !certPath.getType().equals("X509")) {
                throw new InvalidAlgorithmParameterException("inappropriate CertPath type specified, must be X.509 or X509");
            }
            this.certPath = certPath;
        }

        ValidatorParams(PKIXParameters pKIXParameters) throws InvalidAlgorithmParameterException {
            this.variant = "generic";
            if (pKIXParameters instanceof PKIXExtendedParameters) {
                this.timestamp = ((PKIXExtendedParameters) pKIXParameters).getTimestamp();
                this.variant = ((PKIXExtendedParameters) pKIXParameters).getVariant();
            }
            this.anchors = pKIXParameters.getTrustAnchors();
            Iterator<TrustAnchor> it = this.anchors.iterator();
            while (it.hasNext()) {
                if (it.next().getNameConstraints() != null) {
                    throw new InvalidAlgorithmParameterException("name constraints in trust anchor not supported");
                }
            }
            this.params = pKIXParameters;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertPath certPath() {
            return this.certPath;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setCertPath(CertPath certPath) {
            this.certPath = certPath;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public List<X509Certificate> certificates() {
            if (this.certs == null) {
                if (this.certPath == null) {
                    this.certs = Collections.emptyList();
                } else {
                    ArrayList arrayList = new ArrayList(this.certPath.getCertificates());
                    Collections.reverse(arrayList);
                    this.certs = arrayList;
                }
            }
            return this.certs;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public List<PKIXCertPathChecker> certPathCheckers() {
            if (this.checkers == null) {
                this.checkers = this.params.getCertPathCheckers();
            }
            return this.checkers;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public List<CertStore> certStores() {
            if (this.stores == null) {
                this.stores = this.params.getCertStores();
            }
            return this.stores;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date date() {
            if (!this.gotDate) {
                if (this.timestamp == null || !(this.variant.equals("code signing") || this.variant.equals("plugin code signing"))) {
                    this.date = this.params.getDate();
                    if (this.date == null) {
                        this.date = new Date();
                    }
                } else {
                    this.date = this.timestamp.getTimestamp();
                }
                this.gotDate = true;
            }
            return this.date;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Set<String> initialPolicies() {
            if (this.policies == null) {
                this.policies = this.params.getInitialPolicies();
            }
            return this.policies;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertSelector targetCertConstraints() {
            if (!this.gotConstraints) {
                this.constraints = this.params.getTargetCertConstraints();
                this.gotConstraints = true;
            }
            return this.constraints;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Set<TrustAnchor> trustAnchors() {
            return this.anchors;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean revocationEnabled() {
            return this.params.isRevocationEnabled();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean policyMappingInhibited() {
            return this.params.isPolicyMappingInhibited();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean explicitPolicyRequired() {
            return this.params.isExplicitPolicyRequired();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean policyQualifiersRejected() {
            return this.params.getPolicyQualifiersRejected();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String sigProvider() {
            return this.params.getSigProvider();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean anyPolicyInhibited() {
            return this.params.isAnyPolicyInhibited();
        }

        PKIXParameters getPKIXParameters() {
            return this.params;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public String variant() {
            return this.variant;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date timestamp() {
            if (this.timestampDate == null) {
                this.timestampDate = this.timestamp != null ? this.timestamp.getTimestamp() : date();
            }
            return this.timestampDate;
        }
    }

    private PKIX() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isDSAPublicKeyWithoutParams(PublicKey publicKey) {
        return (publicKey instanceof DSAPublicKey) && ((DSAPublicKey) publicKey).getParams() == null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ValidatorParams checkParams(CertPath certPath, CertPathParameters certPathParameters) throws InvalidAlgorithmParameterException {
        if (certPathParameters instanceof PKIXParameters) {
            return new ValidatorParams(certPath, (PKIXParameters) certPathParameters);
        }
        throw new InvalidAlgorithmParameterException("inappropriate params, must be an instance of PKIXParameters");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BuilderParams checkBuilderParams(CertPathParameters certPathParameters) throws InvalidAlgorithmParameterException {
        if (certPathParameters instanceof PKIXBuilderParameters) {
            return new BuilderParams((PKIXBuilderParameters) certPathParameters);
        }
        throw new InvalidAlgorithmParameterException("inappropriate params, must be an instance of PKIXBuilderParameters");
    }
}
