package uz.yt.cams.pki;

import java.security.Provider;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import uz.yt.cams.pki.dto.CertificateMatch;
import uz.yt.cams.pki.exception.CertificatePathBuildException;
import uz.yt.cams.pki.exception.CertificatePathValidationException;
import uz.yt.cams.pki.provider.TrustedCertificateProvider;

/* loaded from: classes2.dex */
public class CertificatePathBuilderValidator {
    public static final String ALG_NAME = "PKIX";
    private PKIXCertPathBuilderResult certPathBuilderResult;
    private PKIXParameters parameters;
    private final Provider provider;
    private final TrustedCertificateProvider trustedCertificateProvider;

    /* loaded from: classes2.dex */
    class PKIXCertPathCheckerExt extends PKIXCertPathChecker {
        Set supportedExtensions = Collections.singleton("2.5.29.37");

        PKIXCertPathCheckerExt() {
        }

        @Override // java.security.cert.PKIXCertPathChecker
        public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
            if (collection != null) {
                collection.remove("2.5.29.37");
            }
        }

        @Override // java.security.cert.PKIXCertPathChecker
        public Set<String> getSupportedExtensions() {
            return this.supportedExtensions;
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public void init(boolean z) throws CertPathValidatorException {
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public boolean isForwardCheckingSupported() {
            return true;
        }
    }

    public CertificatePathBuilderValidator(Provider provider, TrustedCertificateProvider trustedCertificateProvider) {
        this.provider = provider;
        this.trustedCertificateProvider = trustedCertificateProvider;
    }

    public PKIXCertPathBuilderResult buildCertPath(X509Certificate x509Certificate, List<X509Certificate> list, Date date) throws CertificatePathBuildException {
        try {
            if (this.trustedCertificateProvider == null) {
                throw new CertificatePathBuildException("TRUSTED CERTIFICATE PROVIDER IS NULL");
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(x509Certificate);
            LinkedList linkedList = new LinkedList();
            linkedList.addAll(list);
            CertificateMatch certificateMatch = new CertificateMatch(null, date);
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            for (X509Certificate x509Certificate2 : this.trustedCertificateProvider.get(certificateMatch)) {
                linkedHashSet.add(new TrustAnchor(x509Certificate2, null));
                if (!linkedList.contains(x509Certificate2)) {
                    linkedList.add(x509Certificate2);
                }
            }
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(linkedList), this.provider);
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(linkedHashSet, x509CertSelector);
            this.parameters = pKIXBuilderParameters;
            pKIXBuilderParameters.addCertStore(certStore);
            this.parameters.setDate(date);
            this.parameters.setRevocationEnabled(false);
            this.parameters.setCertPathCheckers(Collections.singletonList(new PKIXCertPathCheckerExt()));
            PKIXCertPathBuilderResult pKIXCertPathBuilderResult = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance(ALG_NAME, this.provider).build(this.parameters);
            this.certPathBuilderResult = pKIXCertPathBuilderResult;
            return pKIXCertPathBuilderResult;
        } catch (Throwable th) {
            throw new CertificatePathBuildException(th);
        }
    }

    public PKIXCertPathValidatorResult validateCertPath() throws CertificatePathValidationException {
        try {
            return (PKIXCertPathValidatorResult) CertPathValidator.getInstance(ALG_NAME, this.provider).validate(this.certPathBuilderResult.getCertPath(), this.parameters);
        } catch (Throwable th) {
            throw new CertificatePathValidationException(th);
        }
    }
}
