package sun.security.provider.certpath;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.GeneralNames;
import sun.security.x509.GeneralSubtrees;
import sun.security.x509.NameConstraintsExtension;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:sun/security/provider/certpath/Builder.class */
public abstract class Builder {
    private static final Debug debug = Debug.getInstance("certpath");
    final PKIXBuilderParameters buildParams;
    final X500Principal targetSubjectDN;

    abstract boolean isPathCompleted(X509Certificate x509Certificate);

    abstract void removeFinalCertFromPath(LinkedList linkedList);

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set getMatchingPolicies() {
        Set<String> initialPolicies = this.buildParams.getInitialPolicies();
        if (initialPolicies.isEmpty() || initialPolicies.contains("2.5.29.32.0") || !this.buildParams.isPolicyMappingInhibited()) {
            return new HashSet();
        }
        initialPolicies.add("2.5.29.32.0");
        return initialPolicies;
    }

    abstract Collection getMatchingCerts(State state) throws CertStoreException, CertificateException, IOException;

    abstract void addCertToPath(X509Certificate x509Certificate, LinkedList linkedList);

    /* JADX INFO: Access modifiers changed from: package-private */
    public Builder(PKIXBuilderParameters pKIXBuilderParameters, X500Principal x500Principal) {
        this.buildParams = pKIXBuilderParameters;
        this.targetSubjectDN = x500Principal;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int distance(GeneralNameInterface generalNameInterface, GeneralNameInterface generalNameInterface2) throws IOException {
        switch (generalNameInterface.constrains(generalNameInterface2)) {
            case -1:
                throw new IOException("Names are different types");
            case 0:
                return 0;
            case 1:
            case 2:
                return generalNameInterface2.subtreeDepth() - generalNameInterface.subtreeDepth();
            case 3:
                throw new IOException("Names are same type but in different subtrees");
            default:
                throw new IOException("Unknown name relationship");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int hops(GeneralNameInterface generalNameInterface, GeneralNameInterface generalNameInterface2) throws IOException {
        switch (generalNameInterface.constrains(generalNameInterface2)) {
            case -1:
                throw new IOException("Names are different types");
            case 0:
                return 0;
            case 1:
                return generalNameInterface2.subtreeDepth() - generalNameInterface.subtreeDepth();
            case 2:
                return generalNameInterface2.subtreeDepth() - generalNameInterface.subtreeDepth();
            case 3:
                if (generalNameInterface.getType() != 4) {
                    throw new IOException("hopDistance not implemented for this name type");
                }
                X500Name x500Name = (X500Name) generalNameInterface;
                X500Name x500Name2 = (X500Name) generalNameInterface2;
                X500Name commonAncestor = x500Name.commonAncestor(x500Name2);
                if (commonAncestor == null) {
                    throw new IOException("Names are in different namespaces");
                }
                return (x500Name.subtreeDepth() + x500Name2.subtreeDepth()) - (2 * commonAncestor.subtreeDepth());
            default:
                throw new IOException("Unknown name relationship");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addMatchingCerts(X509CertSelector x509CertSelector, Collection collection, Collection collection2) {
        X509Certificate certificate = x509CertSelector.getCertificate();
        if (certificate != null) {
            if (!x509CertSelector.match(certificate) || X509CertImpl.isSelfIssued(certificate)) {
                return;
            }
            collection2.add(certificate);
            return;
        }
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            try {
                Iterator<? extends Certificate> it2 = ((CertStore) it.next()).getCertificates(x509CertSelector).iterator();
                while (it2.hasNext()) {
                    X509Certificate x509Certificate = (X509Certificate) it2.next();
                    if (!X509CertImpl.isSelfIssued(x509Certificate)) {
                        collection2.add(x509Certificate);
                    }
                }
            } catch (CertStoreException e) {
            }
        }
    }

    abstract void verifyCert(X509Certificate x509Certificate, State state, List list) throws GeneralSecurityException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int targetDistance(NameConstraintsExtension nameConstraintsExtension, X509Certificate x509Certificate, GeneralNameInterface generalNameInterface) throws IOException {
        int distance;
        GeneralNames generalNames;
        if (nameConstraintsExtension != null && !nameConstraintsExtension.verify(x509Certificate)) {
            throw new IOException("certificate does not satisfy existing name constraints");
        }
        try {
            X509CertImpl impl = X509CertImpl.toImpl(x509Certificate);
            if (X500Name.asX500Name(impl.getSubjectX500Principal()).equals(generalNameInterface)) {
                return 0;
            }
            SubjectAlternativeNameExtension subjectAlternativeNameExtension = impl.getSubjectAlternativeNameExtension();
            if (subjectAlternativeNameExtension != null && (generalNames = (GeneralNames) subjectAlternativeNameExtension.get(SubjectAlternativeNameExtension.SUBJECT_NAME)) != null) {
                int size = generalNames.size();
                for (int i = 0; i < size; i++) {
                    if (generalNames.get(i).getName().equals(generalNameInterface)) {
                        return 0;
                    }
                }
            }
            NameConstraintsExtension nameConstraintsExtension2 = impl.getNameConstraintsExtension();
            if (nameConstraintsExtension2 == null) {
                return -1;
            }
            if (nameConstraintsExtension != null) {
                nameConstraintsExtension.merge(nameConstraintsExtension2);
            } else {
                nameConstraintsExtension = nameConstraintsExtension2 == null ? new NameConstraintsExtension(new GeneralSubtrees(), new GeneralSubtrees()) : nameConstraintsExtension2;
            }
            if (debug != null) {
                debug.println(new StringBuffer().append("Builder.targetDistance() merged constraints: ").append(String.valueOf(nameConstraintsExtension)).toString());
            }
            GeneralSubtrees generalSubtrees = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.PERMITTED_SUBTREES);
            GeneralSubtrees generalSubtrees2 = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
            if (generalSubtrees != null) {
                generalSubtrees.reduce(generalSubtrees2);
            }
            if (debug != null) {
                debug.println(new StringBuffer().append("Builder.targetDistance() reduced constraints: ").append(generalSubtrees).toString());
            }
            if (!nameConstraintsExtension.verify(generalNameInterface)) {
                throw new IOException("New certificate not allowed to sign certificate for target");
            }
            if (generalSubtrees == null) {
                return -1;
            }
            int size2 = generalSubtrees.size();
            for (int i2 = 0; i2 < size2; i2++) {
                try {
                    distance = distance(generalSubtrees.get(i2).getName().getName(), generalNameInterface);
                } catch (IOException e) {
                }
                if (distance >= 0) {
                    return distance + 1;
                }
                continue;
            }
            return -1;
        } catch (CertificateException e2) {
            throw ((IOException) new IOException("Invalid certificate").initCause(e2));
        }
    }
}
