package com.blackberry.security.trustmgr.jca;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;

/* loaded from: classes2.dex */
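/**
 * Builds and validates an X.509 certification path for an entity certificate using the JCA
 * PKIX {@link CertPathBuilder} and {@link CertPathValidator} services.
 *
 * <p>Trust decisions come only from the configured trust store. The certificates passed to
 * {@link #validate(Certificate, Certificate[])} are used as path-building candidates and are
 * never treated as trust anchors.
 *
 * <p>Security-relevant defaults and limits:
 * <ul>
 *   <li>Revocation checking is <b>disabled</b> until {@link #enableRevocationCheck(boolean)} is
 *       called with {@code true}; a revoked certificate is accepted otherwise.</li>
 *   <li>With no reference date set, the PKIX parameters receive {@code null}, which the JCA
 *       defines as "validate against the current time".</li>
 *   <li>With no trust store set, the {@code AndroidCAStore} key store is loaded. NOTE(review):
 *       on Android this store normally contains user-installed CAs as well as system CAs;
 *       confirm that is acceptable for the caller's trust model.</li>
 *   <li>Only path building and validation happen here. No host name, key-usage purpose or
 *       pinning check is performed by this class.</li>
 * </ul>
 *
 * <p>Instances are not synchronized. Configure an instance before sharing it across threads.
 */
public class JcaValidationContext {
    private static final String ALGORITHM_CERT_STORE = "Collection";
    private static final String ALGORITHM_PKIX = "PKIX";
    private static final String ANDROID_CA_STORE = "AndroidCAStore";
    public static final String PROVIDER_BOUNCY_CASTLE = "BC";
    // Off by default: callers that need CRL/OCSP enforcement must opt in explicitly.
    private boolean mEnableRevocationCheck = false;
    private String mProviderName;
    private Date mReferenceDate;
    private KeyStore mTrustStore;

    /** Outcome of a successful validation: the built path and the anchor it chains to. */
    public static class Result {
        private final PKIXCertPathBuilderResult mResult;

        Result(PKIXCertPathBuilderResult pKIXCertPathBuilderResult) {
            this.mResult = pKIXCertPathBuilderResult;
        }

        /** @return the certification path from the entity certificate towards the anchor */
        public CertPath getCertPath() {
            return this.mResult.getCertPath();
        }

        /** @return the trust anchor, taken from the trust store, that terminates the path */
        public TrustAnchor getTrustAnchor() {
            return this.mResult.getTrustAnchor();
        }
    }

    /**
     * Loads the platform {@code AndroidCAStore} key store.
     *
     * @return the loaded key store
     * @throws CertificateException if the store type is unavailable or loading fails
     */
    private KeyStore createDefaultTrustStore() throws CertificateException {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_CA_STORE);
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new CertificateException("Failed to initialize trust store: AndroidCAStore", e);
        }
    }

    /**
     * Runs an independent PKIX validation of an already built path, with the discovered anchor
     * as the only trust anchor and the same reference date and revocation setting as the build.
     *
     * @param certPath the path returned by the builder
     * @param trustAnchor the anchor returned by the builder
     * @throws CertificateException if the validator cannot be set up or rejects the path
     */
    private void validateCertPath(CertPath certPath, TrustAnchor trustAnchor)
            throws CertificateException {
        final CertPathValidator validator;
        try {
            validator = this.mProviderName != null
                    ? CertPathValidator.getInstance(ALGORITHM_PKIX, this.mProviderName)
                    : CertPathValidator.getInstance(ALGORITHM_PKIX);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new CertificateException("Failed to initialize CertPathValidator", e);
        }

        HashSet<TrustAnchor> anchors = new HashSet<>();
        anchors.add(trustAnchor);

        final PKIXParameters params;
        try {
            params = new PKIXParameters(anchors);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException("Failed to initialize PKIXParameters", e);
        }
        params.setRevocationEnabled(this.mEnableRevocationCheck);
        params.setDate(this.mReferenceDate);

        try {
            validator.validate(certPath, params);
        } catch (InvalidAlgorithmParameterException | CertPathValidatorException e) {
            throw new CertificateException("Validation failed", e);
        }
    }

    /**
     * Turns PKIX revocation checking on or off for later validations.
     *
     * @param z {@code true} to have the PKIX provider perform its revocation checks
     */
    public void enableRevocationCheck(boolean z) {
        this.mEnableRevocationCheck = z;
    }

    /**
     * Returns the trust store, loading the default {@code AndroidCAStore} on first use when
     * none has been set.
     *
     * @return the trust store used to derive trust anchors
     * @throws CertificateException if the default trust store cannot be loaded
     */
    public KeyStore getTrustStore() throws CertificateException {
        if (this.mTrustStore == null) {
            this.mTrustStore = createDefaultTrustStore();
        }
        return this.mTrustStore;
    }

    /**
     * Selects the JCA provider, by name, for the CertStore, CertPathBuilder and
     * CertPathValidator lookups.
     *
     * @param str provider name, or {@code null} to use the default provider lookup
     */
    public void setProvider(String str) {
        this.mProviderName = str;
    }

    /**
     * Sets the point in time against which certificate validity is judged.
     *
     * @param date the reference time, or {@code null} to validate against the current time
     */
    public void setReferenceDate(Date date) {
        // Date is mutable: keep a private copy so that the validation time cannot be shifted
        // through the caller's reference after configuration.
        this.mReferenceDate = date == null ? null : new Date(date.getTime());
    }

    /**
     * Replaces the trust store. Every trusted certificate entry in it becomes a trust anchor.
     *
     * @param keyStore the trust store, or {@code null} to fall back to the default store
     */
    public void setTrustStore(KeyStore keyStore) {
        this.mTrustStore = keyStore;
    }

    /**
     * Builds a certification path from {@code certificate} to an anchor in the trust store and
     * validates it.
     *
     * <p>When the builder was supplied by a provider other than {@code "BC"}, the built path is
     * validated a second time with a {@link CertPathValidator}. The provider is identified by
     * its name only. NOTE(review): the second pass is presumably skipped for Bouncy Castle
     * because its builder is trusted to have validated the path already; confirm.
     *
     * @param certificate the entity certificate; must be an {@link X509Certificate}
     * @param certificateArr additional candidate certificates (for example intermediates), or
     *     {@code null}; these are untrusted input
     * @return the built path and its trust anchor
     * @throws NullPointerException if {@code certificate} is {@code null}
     * @throws CertificateException if the certificate type is unsupported, a JCA service cannot
     *     be initialized, or no valid path can be built
     */
    public Result validate(Certificate certificate, Certificate[] certificateArr)
            throws CertificateException {
        if (certificate == null) {
            throw new NullPointerException("entity certificate == null");
        }

        // Candidate pool for path building: the entity certificate plus whatever the peer sent.
        ArrayList<Certificate> candidates = new ArrayList<>();
        candidates.add(certificate);
        if (certificateArr != null) {
            candidates.addAll(Arrays.asList(certificateArr));
        }
        CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(candidates);

        final CertStore certStore;
        try {
            certStore = this.mProviderName != null
                    ? CertStore.getInstance(ALGORITHM_CERT_STORE, storeParams, this.mProviderName)
                    : CertStore.getInstance(ALGORITHM_CERT_STORE, storeParams);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException
                | NoSuchProviderException e) {
            throw new CertificateException("Failed to initialize entity CertStore", e);
        }

        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateException(
                    "Unsupported entity certificate type: " + certificate.getType());
        }
        // Pin the builder's target to this exact certificate.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate((X509Certificate) certificate);

        final PKIXBuilderParameters builderParams;
        try {
            builderParams = new PKIXBuilderParameters(getTrustStore(), target);
        } catch (InvalidAlgorithmParameterException | KeyStoreException e) {
            throw new CertificateException("Failed to initialize CertPathBuilder params", e);
        }
        builderParams.setCertStores(Arrays.asList(certStore));
        builderParams.setDate(this.mReferenceDate);
        builderParams.setRevocationEnabled(this.mEnableRevocationCheck);

        final CertPathBuilder builder;
        try {
            builder = this.mProviderName != null
                    ? CertPathBuilder.getInstance(ALGORITHM_PKIX, this.mProviderName)
                    : CertPathBuilder.getInstance(ALGORITHM_PKIX);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new CertificateException("Failed to initialize CertPathBuilder", e);
        }

        try {
            PKIXCertPathBuilderResult built =
                    (PKIXCertPathBuilderResult) builder.build(builderParams);
            if (!PROVIDER_BOUNCY_CASTLE.equals(builder.getProvider().getName())) {
                validateCertPath(built.getCertPath(), built.getTrustAnchor());
            }
            return new Result(built);
        } catch (ClassCastException | InvalidAlgorithmParameterException
                | CertPathBuilderException e) {
            // ClassCastException is kept in this handler so that an unexpected result type is
            // reported to callers as a CertificateException, like every other failure.
            throw new CertificateException("Failed to buildX509TrustManager path", e);
        }
    }
}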
