package ru.CryptoPro.reprov.certpath;

import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Set;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.cl_9;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X500Principal;
import ru.CryptoPro.reprov.x509.X509CertImpl;

/* loaded from: classes3.dex */
class BasicChecker extends PKIXCertPathChecker {
    private final PublicKey a;
    private final X500Principal b;
    private final Date c;
    private final String d;
    private final boolean e;
    private X500Principal f;
    private PublicKey g;

    /* JADX INFO: Access modifiers changed from: package-private */
    public BasicChecker(TrustAnchor trustAnchor, Date date, String str, boolean z) throws CertPathValidatorException {
        X500Principal x500Principal;
        if (trustAnchor.getTrustedCert() != null) {
            this.a = trustAnchor.getTrustedCert().getPublicKey();
            if (trustAnchor.getTrustedCert().getSubjectX500Principal() != null) {
                x500Principal = new X500Principal(trustAnchor.getTrustedCert().getSubjectX500Principal().getEncoded());
                this.b = x500Principal;
            }
            this.b = null;
        } else {
            this.a = trustAnchor.getCAPublicKey();
            if (trustAnchor.getCA() != null) {
                x500Principal = new X500Principal(trustAnchor.getCA().getEncoded());
                this.b = x500Principal;
            }
            this.b = null;
        }
        this.c = date;
        this.d = str;
        this.e = z;
        init(false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey a(PublicKey publicKey, PublicKey publicKey2) throws CertPathValidatorException {
        if (!(publicKey instanceof DSAPublicKey) || !(publicKey2 instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("Input key is not appropriate type for inheriting parameters");
        }
        DSAParams params = ((DSAPublicKey) publicKey2).getParams();
        if (params == null) {
            throw new CertPathValidatorException("Key parameters missing");
        }
        try {
            return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(((DSAPublicKey) publicKey).getY(), params.getP(), params.getQ(), params.getG()));
        } catch (GeneralSecurityException e) {
            throw new CertPathValidatorException("Unable to generate key with inherited parameters: " + e.getMessage(), e);
        }
    }

    private void a(X509Certificate x509Certificate) throws CertPathValidatorException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        JCPLogger.finerFormat("BasicChecker.updateState issuer: {0}; subject: {1}; serial#: {2}", x509Certificate.getIssuerX500Principal(), x509Certificate.getSubjectX500Principal(), x509Certificate.getSerialNumber());
        if ((publicKey instanceof DSAPublicKey) && ((DSAPublicKey) publicKey).getParams() == null) {
            publicKey = a(publicKey, this.g);
            JCPLogger.finer("BasicChecker.updateState Made key with inherited params");
        }
        this.g = publicKey;
        if (x509Certificate.getSubjectX500Principal() != null) {
            this.f = new X500Principal(x509Certificate.getSubjectX500Principal().getEncoded());
        }
    }

    private void a(X509Certificate x509Certificate, PublicKey publicKey, String str) throws CertPathValidatorException {
        JCPLogger.finerFormat("---checking {0}...", X509CertImpl.SIGNATURE);
        try {
            x509Certificate.verify(publicKey, str);
            JCPLogger.finerFormat("{0} verified.", X509CertImpl.SIGNATURE);
        } catch (SignatureException e) {
            if (cl_9.a()) {
                throw new CertPathValidatorException(X509CertImpl.SIGNATURE + " check failed", e, null, -1, CertPathValidatorException.BasicReason.INVALID_SIGNATURE);
            }
            throw new CertPathValidatorException(X509CertImpl.SIGNATURE + " check failed", e);
        } catch (Exception e2) {
            throw new CertPathValidatorException(X509CertImpl.SIGNATURE + " check failed", e2);
        }
    }

    private void a(X509Certificate x509Certificate, Date date) throws CertPathValidatorException {
        JCPLogger.finerFormat("---checking {0}: {1}...", "timestamp", date);
        try {
            x509Certificate.checkValidity(date);
            JCPLogger.finerFormat("{0} verified.", "timestamp");
        } catch (CertificateExpiredException e) {
            if (cl_9.a()) {
                throw new CertPathValidatorException("timestamp check failed", e, null, -1, CertPathValidatorException.BasicReason.EXPIRED);
            }
            throw new CertPathValidatorException("timestamp check failed", e);
        } catch (CertificateNotYetValidException e2) {
            if (cl_9.a()) {
                throw new CertPathValidatorException("timestamp check failed", e2, null, -1, CertPathValidatorException.BasicReason.NOT_YET_VALID);
            }
            throw new CertPathValidatorException("timestamp check failed", e2);
        }
    }

    private void a(X509Certificate x509Certificate, X500Principal x500Principal) throws CertPathValidatorException {
        if (x500Principal != null) {
            JCPLogger.finerFormat("---checking {0}...", "subject/issuer name chaining");
            X500Principal x500Principal2 = x509Certificate.getIssuerX500Principal() != null ? new X500Principal(x509Certificate.getIssuerX500Principal().getEncoded()) : null;
            if (X500Name.asX500Name(x500Principal2).isEmpty()) {
                if (cl_9.a()) {
                    throw new CertPathValidatorException("subject/issuer name chaining check failed: empty/null issuer DN in certificate is invalid", null, null, -1, PKIXReason.NAME_CHAINING);
                }
                throw new CertPathValidatorException("subject/issuer name chaining check failed: empty/null issuer DN in certificate is invalid");
            }
            if (x500Principal2.equals(x500Principal)) {
                JCPLogger.finerFormat("{0} verified.", "subject/issuer name chaining");
                return;
            }
            if (cl_9.a()) {
                throw new CertPathValidatorException("subject/issuer name chaining check failed", null, null, -1, PKIXReason.NAME_CHAINING);
            }
            throw new CertPathValidatorException("subject/issuer name chaining check failed");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PublicKey a() {
        return this.g;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!this.e) {
            a(x509Certificate, this.c);
            a(x509Certificate, this.f);
        }
        a(x509Certificate, this.g, this.d);
        a(x509Certificate);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.g = this.a;
        this.f = this.b;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
