package sun.security.d.a;

import java.io.IOException;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.e.ap;
import sun.security.e.aq;
import sun.security.e.as;
import sun.security.e.az;
import sun.security.e.bn;
import sun.security.e.bt;
import sun.security.e.bz;

/* loaded from: classes.dex */
public abstract class b {
    final PKIXBuilderParameters a;
    final X500Principal b;
    final Date c;
    final X509CertSelector d;
    private Set g;
    private static final sun.security.util.e f = sun.security.util.e.a("certpath");
    static final boolean e = ((Boolean) AccessController.doPrivileged(new sun.security.a.a("com.sun.security.enableAIAcaIssuers"))).booleanValue();

    b(PKIXBuilderParameters pKIXBuilderParameters, X500Principal x500Principal) {
        this.a = pKIXBuilderParameters;
        this.b = x500Principal;
        Date date = pKIXBuilderParameters.getDate();
        this.c = date == null ? new Date() : date;
        this.d = (X509CertSelector) pKIXBuilderParameters.getTargetCertConstraints();
    }

    static int a(ap apVar, ap apVar2, int i) {
        switch (apVar.a(apVar2)) {
            case -1:
                if (f != null) {
                    f.c("Builder.distance(): Names are different types");
                    break;
                }
                break;
            case 0:
                return 0;
            case 1:
            case 2:
                return apVar2.c() - apVar.c();
            case 3:
                break;
            default:
                return i;
        }
        if (f == null) {
            return i;
        }
        f.c("Builder.distance(): Names are same type but in different subtrees");
        return i;
    }

    static int a(az azVar, X509Certificate x509Certificate, ap apVar) throws IOException {
        aq aqVar;
        if (azVar != null && !azVar.a(x509Certificate)) {
            throw new IOException("certificate does not satisfy existing name constraints");
        }
        try {
            bz f2 = bz.f(x509Certificate);
            if (bt.a(f2.getSubjectX500Principal()).equals(apVar)) {
                return 0;
            }
            bn n = f2.n();
            if (n != null && (aqVar = (aq) n.a(bn.c)) != null) {
                int b = aqVar.b();
                for (int i = 0; i < b; i++) {
                    if (aqVar.a(i).b().equals(apVar)) {
                        return 0;
                    }
                }
            }
            az j = f2.j();
            if (j == null) {
                return -1;
            }
            if (azVar != null) {
                azVar.a(j);
            } else {
                azVar = (az) j.clone();
            }
            if (f != null) {
                f.c("Builder.targetDistance() merged constraints: " + String.valueOf(azVar));
            }
            as asVar = (as) azVar.a(az.c);
            as asVar2 = (as) azVar.a(az.d);
            if (asVar != null) {
                asVar.c(asVar2);
            }
            if (f != null) {
                f.c("Builder.targetDistance() reduced constraints: " + asVar);
            }
            if (!azVar.a(apVar)) {
                throw new IOException("New certificate not allowed to sign certificate for target");
            }
            if (asVar == null) {
                return -1;
            }
            int a = asVar.a();
            for (int i2 = 0; i2 < a; i2++) {
                int a2 = a(asVar.a(i2).a().b(), apVar, -1);
                if (a2 >= 0) {
                    return a2 + 1;
                }
            }
            return -1;
        } catch (CertificateException e2) {
            throw ((IOException) new IOException("Invalid certificate").initCause(e2));
        }
    }

    static boolean a(CertStore certStore) {
        return certStore.getType().equals("Collection") || (certStore.getCertStoreParameters() instanceof CollectionCertStoreParameters);
    }

    static int b(ap apVar, ap apVar2, int i) {
        switch (apVar.a(apVar2)) {
            case -1:
                if (f == null) {
                    return i;
                }
                f.c("Builder.hops(): Names are different types");
                return i;
            case 0:
                return 0;
            case 1:
                return apVar2.c() - apVar.c();
            case 2:
                return apVar2.c() - apVar.c();
            case 3:
                if (apVar.a() != 4) {
                    if (f == null) {
                        return i;
                    }
                    f.c("Builder.hops(): hopDistance not implemented for this name type");
                    return i;
                }
                bt btVar = (bt) apVar;
                bt btVar2 = (bt) apVar2;
                bt a = btVar.a(btVar2);
                if (a != null) {
                    return (btVar.c() + btVar2.c()) - (a.c() * 2);
                }
                if (f == null) {
                    return i;
                }
                f.c("Builder.hops(): Names are in different namespaces");
                return i;
            default:
                return i;
        }
    }

    abstract Collection a(i iVar, List list) throws CertStoreException, CertificateException, IOException;

    Set a() {
        if (this.g != null) {
            Set<String> initialPolicies = this.a.getInitialPolicies();
            if (initialPolicies.isEmpty() || initialPolicies.contains("2.5.29.32.0") || !this.a.isPolicyMappingInhibited()) {
                this.g = Collections.emptySet();
            } else {
                initialPolicies.add("2.5.29.32.0");
                this.g = initialPolicies;
            }
        }
        return this.g;
    }

    abstract void a(X509Certificate x509Certificate, LinkedList linkedList);

    abstract void a(X509Certificate x509Certificate, i iVar, List list) throws GeneralSecurityException;

    abstract void a(LinkedList linkedList);

    boolean a(X509CertSelector x509CertSelector, Collection collection, Collection collection2, boolean z) {
        CertStoreException certStoreException;
        boolean z2;
        boolean z3 = false;
        X509Certificate certificate = x509CertSelector.getCertificate();
        if (certificate != null) {
            if (!x509CertSelector.match(certificate) || bz.a(certificate, this.a.getSigProvider())) {
                return false;
            }
            if (f != null) {
                f.c("Builder.addMatchingCerts: adding target cert");
            }
            return collection2.add(certificate);
        }
        Iterator it = collection.iterator();
        while (true) {
            boolean z4 = z3;
            if (!it.hasNext()) {
                return z4;
            }
            try {
                z2 = z4;
                for (Certificate certificate2 : ((CertStore) it.next()).getCertificates(x509CertSelector)) {
                    try {
                        z2 = (bz.a((X509Certificate) certificate2, this.a.getSigProvider()) || !collection2.add((X509Certificate) certificate2)) ? z2 : true;
                    } catch (CertStoreException e2) {
                        certStoreException = e2;
                        z3 = z2;
                        if (f != null) {
                            f.c("Builder.addMatchingCerts, non-fatal exception retrieving certs: " + certStoreException);
                            certStoreException.printStackTrace();
                        }
                    }
                }
            } catch (CertStoreException e3) {
                z3 = z4;
                certStoreException = e3;
            }
            if (!z && z2) {
                return true;
            }
            z3 = z2;
        }
    }

    abstract boolean a(X509Certificate x509Certificate);
}
