package com.ibm.security.cert;

import com.ibm.misc.Debug;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.AuthorityKeyIdentifierExtension;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:efixes/JDKiFix_nd_solaris/components/prereq.jdk/update.jar:/java/jre/lib/endorsed/ibmcertpathprovider.jar:com/ibm/security/cert/PKIXCertPathBuilderImpl.class */
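/**
 * PKIX {@link CertPathBuilderSpi} that assembles a chain from a target certificate
 * towards a configured trust anchor and then hands the chain to
 * {@link PKIXCertPathValidatorImpl} for validation.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Chain construction is driven by name matching (issuer DN, optional authority
 *       key identifier, trust-anchor names). None of those matches is a trust
 *       decision; a path is only returned after {@code engineValidate} accepted it.</li>
 *   <li>Both search loops stop at the first candidate that produces any outcome,
 *       including a validation failure, so alternative issuers or targets are
 *       normally not tried. NOTE(review): confirm this is intended.</li>
 *   <li>Diagnostics go to {@code System.out} and only when the "certpath" debug
 *       instance is non-null; they include the build parameters and stack traces.</li>
 * </ul>
 *
 * <p>Raw collection types are kept on purpose; this looks like decompiled code and
 * the element types of the IBM helper APIs are not visible here.
 */
public class PKIXCertPathBuilderImpl extends CertPathBuilderSpi {
    private static final Debug debug = Debug.getInstance("certpath");
    private static final String x509String = "X.509";

    /**
     * Builds and validates a certification path for the target described by the
     * parameters' {@link X509CertSelector}.
     *
     * @param certPathParameters must be a {@link PKIXBuilderParameters} whose target
     *        constraints are an {@link X509CertSelector} with a subject, or with a
     *        certificate from which the subject can be derived
     * @return the validated path together with its trust anchor, policy tree and
     *         subject public key
     * @throws InvalidAlgorithmParameterException if the parameters are of the wrong
     *         type, the target constraints are missing, or no target subject can be
     *         determined
     * @throws CertPathBuilderException if a cert store fails, no target certificate
     *         matches, or no path validates
     */
    @Override // java.security.cert.CertPathBuilderSpi
    public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        if (debug != null) {
            System.out.println("CERTPATH: to build a certpath with parameters " + certPathParameters + ")");
        }
        if (!(certPathParameters instanceof PKIXBuilderParameters)) {
            throw new InvalidAlgorithmParameterException("Parameters are not an instance of PKIXBuilderParameters");
        }
        PKIXBuilderParameters builderParams = (PKIXBuilderParameters) certPathParameters;
        List certStores = builderParams.getCertStores();
        int maxPathLength = builderParams.getMaxPathLength();
        String[] taNames = getTaNames(builderParams.getTrustAnchors());
        CertSelector targetConstraints = builderParams.getTargetCertConstraints();
        if (targetConstraints == null) {
            throw new InvalidAlgorithmParameterException("TargetCertConstraints is not set in the CertPathParameters");
        }
        if (!(targetConstraints instanceof X509CertSelector)) {
            throw new InvalidAlgorithmParameterException("TargetCertConstrants is not an instance of X509CertSelector");
        }
        X509CertSelector targetSelector = (X509CertSelector) targetConstraints;

        // No explicit subject: derive it from the certificate pinned in the selector.
        X509Certificate pinned;
        if (IBMCertPathHelper.getSubject(targetSelector) == null && (pinned = targetSelector.getCertificate()) != null) {
            Principal subjectDN = pinned.getSubjectDN();
            if (!(subjectDN instanceof X500Name)) {
                // The certificate comes from another provider; re-parse its encoding
                // with the IBM implementation to obtain an X500Name.
                try {
                    subjectDN = new X509CertImpl(pinned.getEncoded()).getSubjectDN();
                } catch (CertificateException e) {
                    // Previously swallowed, which surfaced as a ClassCastException below.
                    throw (InvalidAlgorithmParameterException) new InvalidAlgorithmParameterException("TargetSubject could not be derived from the target certificate").initCause(e);
                }
            }
            if (!(subjectDN instanceof X500Name)) {
                throw new InvalidAlgorithmParameterException("TargetSubject could not be derived from the target certificate");
            }
            IBMCertPathHelper.setSubject(targetSelector, (X500Name) subjectDN);
        }
        if (IBMCertPathHelper.getSubject(targetSelector) == null) {
            throw new InvalidAlgorithmParameterException("TargetSubject must be set");
        }

        // Gather every certificate matching the target selector from all stores.
        LinkedList candidateTargets = new LinkedList();
        Iterator storeIt = certStores.iterator();
        while (storeIt.hasNext()) {
            try {
                Collection matches = ((CertStore) storeIt.next()).getCertificates(targetSelector);
                if (!matches.isEmpty()) {
                    candidateTargets.addAll(matches);
                }
            } catch (CertStoreException e) {
                // Same message as before; the cause is now attached as well.
                throw new CertPathBuilderException("Exception caught: " + e, e);
            }
        }
        if (candidateTargets.isEmpty()) {
            throw new CertPathBuilderException("No end-entity certificate matching the selection criteria could be found.");
        }
        // Kept from the original; the subject was already checked for null above.
        if (candidateTargets.size() > 1 && IBMCertPathHelper.getSubject(targetSelector) == null) {
            throw new InvalidAlgorithmParameterException("TargetSubject must be set, target constraints do not uniquely identify a certificate");
        }

        LinkedList path = new LinkedList();
        Object[] outcome = {null, null};
        boolean finished = false;
        X509CertSelector issuerSelector = new X509CertSelector();
        Iterator targetIt = candidateTargets.iterator();
        while (targetIt.hasNext() && !finished) {
            X509Certificate target = (X509Certificate) targetIt.next();
            path.add(target);
            issuerSelector = createCASelector(target, issuerSelector);
            outcome = buildCertPath(issuerSelector, certStores, path, builderParams, maxPathLength, taNames);
            if (outcome[1] != null) {
                // Any outcome ends the search, a stored exception included.
                finished = true;
            } else {
                path.clear();
            }
        }

        CertPath certPath = (CertPath) outcome[0];
        if (outcome[1] instanceof Exception) {
            Exception failure = (Exception) outcome[1];
            if (debug != null) {
                System.out.println("CERTPATH: PKIXCertPathBuilderImpl.engineBuild() exception thrown");
                failure.printStackTrace();
            }
            throw new CertPathBuilderException("PKIXCertPathBuilderImpl could not build a valid CertPath.", failure);
        }
        PKIXCertPathValidatorResult validated = (PKIXCertPathValidatorResult) outcome[1];
        try {
            return new PKIXCertPathBuilderResult(certPath, validated.getTrustAnchor(), validated.getPolicyTree(), validated.getPublicKey());
        } catch (NullPointerException e) {
            // Covers a null validator result as well as null arguments rejected by
            // the result constructor.
            if (debug != null) {
                System.out.println("CERTPATH: exception thrown while constructing builder result");
                e.printStackTrace();
            }
            throw ((CertPathBuilderException) new CertPathBuilderException().initCause(e));
        }
    }

    /**
     * Recursively extends {@code path} by one issuer at a time until a certificate
     * whose subject matches a trust-anchor name is seen, then validates the path.
     *
     * <p>{@code path} and {@code issuerSelector} are shared and mutated across the
     * recursion. Certificates appended during a failed attempt are not removed again
     * here.
     *
     * @param issuerSelector selector describing the issuer of the last path element
     * @param certStores     stores to search for issuer candidates
     * @param path           certificates collected so far, target first
     * @param builderParams  parameters passed on to the validator
     * @param maxPathLength  path length bound, {@code -1} meaning no bound
     * @param taNames        names of the configured trust anchors
     * @return a two-slot array: slot 0 holds the path (or {@code null}), slot 1 holds
     *         the validator result or the exception that validation raised
     */
    private Object[] buildCertPath(X509CertSelector issuerSelector, List certStores, LinkedList path, PKIXBuilderParameters builderParams, int maxPathLength, String[] taNames) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        LinkedList issuerCandidates = new LinkedList();
        Iterator storeIt = certStores.iterator();
        while (storeIt.hasNext()) {
            try {
                Collection matches = ((CertStore) storeIt.next()).getCertificates(issuerSelector);
                if (!matches.isEmpty()) {
                    issuerCandidates.addAll(matches);
                }
            } catch (CertStoreException e) {
                // Same message as before; the cause is now attached as well.
                throw new CertPathBuilderException("Exception caught: " + e, e);
            }
        }

        Object[] outcome = {null, null};
        boolean finished = false;
        if (path.size() <= maxPathLength || maxPathLength == -1) {
            Iterator candidateIt = issuerCandidates.iterator();
            while (candidateIt.hasNext() && !finished) {
                X509Certificate candidate = (X509Certificate) candidateIt.next();
                if (path.contains(candidate)) {
                    // Already on the path: skipping it prevents cycles.
                    continue;
                }
                if (!isEndOfCertPath(candidate, taNames)) {
                    path.add(candidate);
                    issuerSelector = createCASelector(candidate, issuerSelector);
                    outcome = buildCertPath(issuerSelector, certStores, path, builderParams, maxPathLength, taNames);
                    if (outcome[1] != null) {
                        finished = true;
                    }
                } else {
                    // Subject matches a trust-anchor name. The candidate itself is not
                    // appended; the validator decides whether the path is anchored.
                    if (maxPathLength != -1 && path.size() > maxPathLength) {
                        throw new CertPathBuilderException("length of cert chain exceeds max path length");
                    }
                    outcome = myValidator(new CertPathImpl(x509String, path), builderParams);
                    if (outcome[1] != null) {
                        finished = true;
                    }
                }
            }
        }

        if (outcome[1] == null) {
            // Nothing was validated above: validate the path as collected so far.
            X509Certificate last = (X509Certificate) path.getLast();
            if (isSelfSigned(last)) {
                path.removeLast();
                if (path.size() == 0) {
                    // The target itself is self-issued; it must be traceable to a
                    // configured trust anchor or the build fails.
                    boolean anchored = false;
                    try {
                        if (CertPathUtil.findIssuer(last, builderParams.getTrustAnchors(), builderParams.getSigProvider()) != null) {
                            anchored = true;
                        }
                    } catch (CertPathValidatorException e) {
                        if (debug != null) {
                            System.out.println("CERTPATH: failed to validate the certpath " + e.toString());
                        }
                    }
                    if (!anchored) {
                        throw new CertPathBuilderException("unable to find valid certification path to requested target");
                    }
                }
            }
            CertPathImpl candidatePath = new CertPathImpl(x509String, path);
            outcome = myValidator(candidatePath, builderParams);
            if (!(outcome[1] instanceof Exception)) {
                outcome[0] = candidatePath;
            }
        }
        return outcome;
    }

    /**
     * Reports whether issuer and subject DN are equal. This is a name comparison
     * only (self-issued); the signature is not verified here.
     */
    private boolean isSelfSigned(X509Certificate x509Certificate) {
        Principal issuer = x509Certificate.getIssuerDN();
        return issuer.equals(x509Certificate.getSubjectDN());
    }

    /**
     * Re-targets {@code x509CertSelector} at the issuer of {@code x509Certificate}:
     * subject = the certificate's issuer DN, subject key identifier = the key id of
     * its AuthorityKeyIdentifier extension when one is present.
     *
     * <p>Best effort: on an {@link IOException} or {@link CertPathValidatorException}
     * the selector is returned as far as it was configured, which can leave it
     * without the key-identifier constraint or still holding earlier values. The
     * failure is reported on the debug channel.
     *
     * @return the same selector instance that was passed in
     */
    private X509CertSelector createCASelector(X509Certificate x509Certificate, X509CertSelector x509CertSelector) {
        try {
            // Reset criteria left over from the previous level.
            x509CertSelector.setSubject("");
            x509CertSelector.setSubjectKeyIdentifier((byte[]) null);
            Principal issuerDN = x509Certificate.getIssuerDN();
            if (issuerDN instanceof X500Name) {
                IBMCertPathHelper.setSubject(x509CertSelector, (X500Name) issuerDN);
            } else {
                x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getName());
            }
            Object[] extension = CertPathUtil.getExtension("x509.info.extensions.AuthorityKeyIdentifier", x509Certificate);
            if (extension[1] != null) {
                // Tag 4 is a DER OCTET STRING: the selector expects the key id wrapped.
                x509CertSelector.setSubjectKeyIdentifier(new DerValue((byte) 4, ((KeyIdentifier) new AuthorityKeyIdentifierExtension((Boolean) extension[0], extension[1]).get("key_id")).getIdentifier()).toByteArray());
            }
        } catch (IOException e) {
            if (debug != null) {
                System.out.println("CERTPATH: CA selector only partially configured: " + e);
            }
        } catch (CertPathValidatorException e2) {
            if (debug != null) {
                System.out.println("CERTPATH: CA selector only partially configured: " + e2);
            }
        }
        if (debug != null) {
            System.out.println("CERTPATH: created CA selector ");
            System.out.println(x509CertSelector.toString());
        }
        return x509CertSelector;
    }

    /**
     * Validates {@code certPath} with {@link PKIXCertPathValidatorImpl}.
     *
     * @return a two-slot array: on success slot 0 is the path and slot 1 the
     *         validator result; on failure slot 0 is {@code null} and slot 1 the
     *         exception, which is returned rather than thrown
     */
    private Object[] myValidator(CertPath certPath, PKIXBuilderParameters pKIXBuilderParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        Object[] outcome = {null, null};
        PKIXCertPathValidatorResult validated = null;
        try {
            validated = (PKIXCertPathValidatorResult) new PKIXCertPathValidatorImpl().engineValidate(certPath, pKIXBuilderParameters);
        } catch (InvalidAlgorithmParameterException e) {
            if (debug != null) {
                System.out.println("CERTPATH: myValidator has invalid parameter");
                e.printStackTrace();
            }
            outcome[1] = e;
        } catch (CertPathValidatorException e2) {
            if (debug != null) {
                System.out.println("CERTPATH: myValidator failed on validation");
                e2.printStackTrace();
            }
            outcome[1] = e2;
        }
        if (validated != null) {
            outcome[0] = certPath;
            outcome[1] = validated;
        }
        return outcome;
    }

    /**
     * Returns one name per trust anchor: the CA name when the anchor has one,
     * otherwise the subject DN of its trusted certificate.
     */
    private String[] getTaNames(Set set) {
        String[] names = new String[set.size()];
        int index = 0;
        for (Iterator it = set.iterator(); it.hasNext(); index++) {
            TrustAnchor anchor = (TrustAnchor) it.next();
            String caName = anchor.getCAName();
            names[index] = caName != null ? caName : anchor.getTrustedCert().getSubjectDN().getName();
        }
        return names;
    }

    /**
     * Reports whether the certificate's subject DN string equals, ignoring case, one
     * of the trust-anchor names. This only stops the chain search; it compares
     * strings and does not establish trust, which is left to the validator.
     */
    private boolean isEndOfCertPath(X509Certificate x509Certificate, String[] strArr) {
        String subjectName = x509Certificate.getSubjectDN().getName();
        for (int k = 0; k < strArr.length; k++) {
            if (subjectName.equalsIgnoreCase(strArr[k])) {
                return true;
            }
        }
        return false;
    }
}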
