package com.hidglobal.ia.activcastle.jce.provider;

import com.hidglobal.ia.activcastle.jcajce.PKIXExtendedParameters;
import com.hidglobal.ia.activcastle.jcajce.util.BCJcaJceHelper;
import com.hidglobal.ia.activcastle.jcajce.util.JcaJceHelper;
import com.hidglobal.ia.activcastle.jce.exception.ExtCertPathValidatorException;
import com.hidglobal.ia.activcastle.x509.ExtendedPKIXParameters;
import com.hidglobal.ia.activcastle.x509.X509AttributeCertStoreSelector;
import com.hidglobal.ia.activcastle.x509.X509AttributeCertificate;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;

/* loaded from: classes2.dex */
public class PKIXAttrCertPathValidatorSpi extends CertPathValidatorSpi {
    private final JcaJceHelper helper = new BCJcaJceHelper();

    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        PKIXExtendedParameters pKIXExtendedParameters;
        if (!Class.forName("com.hidglobal.ia.activcastle.x509.ExtendedPKIXParameters").isInstance(certPathParameters) && !Class.forName("com.hidglobal.ia.activcastle.jcajce.PKIXExtendedParameters").isInstance(certPathParameters)) {
            StringBuilder sb = new StringBuilder("Parameters must be a ");
            sb.append(Class.forName("com.hidglobal.ia.activcastle.x509.ExtendedPKIXParameters").getName());
            sb.append(" instance.");
            throw new InvalidAlgorithmParameterException(sb.toString());
        }
        Set hashSet = new HashSet();
        Set hashSet2 = new HashSet();
        Set hashSet3 = new HashSet();
        HashSet hashSet4 = new HashSet();
        if (certPathParameters instanceof PKIXParameters) {
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder((PKIXParameters) certPathParameters);
            if (Class.forName("com.hidglobal.ia.activcastle.x509.ExtendedPKIXParameters").isInstance(certPathParameters)) {
                ExtendedPKIXParameters extendedPKIXParameters = (ExtendedPKIXParameters) certPathParameters;
                builder.setUseDeltasEnabled(extendedPKIXParameters.isUseDeltasEnabled());
                builder.setValidityModel(extendedPKIXParameters.getValidityModel());
                hashSet = extendedPKIXParameters.getAttrCertCheckers();
                hashSet2 = extendedPKIXParameters.getProhibitedACAttributes();
                hashSet3 = extendedPKIXParameters.getNecessaryACAttributes();
            }
            pKIXExtendedParameters = builder.build();
        } else {
            pKIXExtendedParameters = (PKIXExtendedParameters) certPathParameters;
        }
        PKIXExtendedParameters pKIXExtendedParameters2 = pKIXExtendedParameters;
        Cloneable targetConstraints = pKIXExtendedParameters2.getTargetConstraints();
        if (!Class.forName("com.hidglobal.ia.activcastle.x509.X509AttributeCertStoreSelector").isInstance(targetConstraints)) {
            StringBuilder sb2 = new StringBuilder("TargetConstraints must be an instance of ");
            sb2.append(Class.forName("com.hidglobal.ia.activcastle.x509.X509AttributeCertStoreSelector").getName());
            sb2.append(" for ");
            sb2.append(getClass().getName());
            sb2.append(" class.");
            throw new InvalidAlgorithmParameterException(sb2.toString());
        }
        X509AttributeCertificate attributeCert = ((X509AttributeCertStoreSelector) targetConstraints).getAttributeCert();
        CertPath c = i.c(attributeCert, pKIXExtendedParameters2);
        CertPathValidatorResult a = i.a(certPath, pKIXExtendedParameters2);
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(0);
        i.c(x509Certificate);
        i.b(x509Certificate, hashSet4);
        i.a(attributeCert, pKIXExtendedParameters2);
        i.e(attributeCert, certPath, c, hashSet);
        i.a(attributeCert, hashSet2, hashSet3);
        try {
            i.d(attributeCert, pKIXExtendedParameters2, x509Certificate, a.b(pKIXExtendedParameters2, null, -1), certPath.getCertificates(), this.helper);
            return a;
        } catch (AnnotatedException e) {
            throw new ExtCertPathValidatorException("Could not get validity date from attribute certificate.", e);
        }
    }
}
