package com.blackberry.security.trustmgr.jca;

import com.blackberry.security.trustmgr.FutureResult;
import com.blackberry.security.trustmgr.PkixProfile;
import com.blackberry.security.trustmgr.ValidationContext;
import com.blackberry.security.trustmgr.internal.a0;
import com.blackberry.security.trustmgr.internal.c;
import com.blackberry.security.trustmgr.internal.d;
import com.blackberry.security.trustmgr.internal.p;
import com.blackberry.security.trustmgr.internal.q;
import com.blackberry.security.trustmgr.internal.u;
import com.blackberry.security.trustmgr.internal.z;
import com.blackberry.security.trustmgr.jca.JcaValidationContext;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.util.Arrays;
import java.util.Set;
import java.util.concurrent.Executor;

/* loaded from: classes.dex */
class JcaValidator extends c {

    /* loaded from: classes.dex */
    private class Worker implements Runnable {
        private final ValidationContext mContext;
        private final d<Void> mResultRef;

        Worker(ValidationContext validationContext, d<Void> dVar) {
            this.mContext = validationContext;
            this.mResultRef = dVar;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                if (this.mResultRef.h()) {
                    return;
                }
                JcaValidator.this.validateByCert(this.mContext);
                this.mResultRef.k(null);
            } catch (z e10) {
                this.mResultRef.l(e10);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JcaValidator() {
        addSupportedProfileType(PkixProfile.class);
    }

    private static <T> T getRootCause(Throwable th, Class<T> cls) {
        while (true) {
            if (th == null) {
                th = null;
                break;
            }
            if (cls.isInstance(th)) {
                break;
            }
            th = th.getCause();
        }
        if (th != null) {
            return cls.cast(th);
        }
        return null;
    }

    private void parseValidationException(CertificateException certificateException, a0 a0Var) {
        if (certificateException == null) {
            return;
        }
        q qVar = null;
        CertificateExpiredException certificateExpiredException = (CertificateExpiredException) getRootCause(certificateException, CertificateExpiredException.class);
        if (certificateExpiredException != null) {
            qVar = new q(q.a.WARN_INVALID_TIME_PERIOD);
            qVar.c(certificateExpiredException.toString());
        } else {
            CertificateNotYetValidException certificateNotYetValidException = (CertificateNotYetValidException) getRootCause(certificateException, CertificateNotYetValidException.class);
            if (certificateNotYetValidException != null) {
                qVar = new q(q.a.WARN_INVALID_TIME_PERIOD);
                qVar.c(certificateNotYetValidException.toString());
            } else {
                CertificateParsingException certificateParsingException = (CertificateParsingException) getRootCause(certificateException, CertificateParsingException.class);
                if (certificateParsingException != null) {
                    qVar = new q(q.a.ERROR);
                    qVar.c(certificateParsingException.toString());
                } else {
                    CertificateEncodingException certificateEncodingException = (CertificateEncodingException) getRootCause(certificateException, CertificateEncodingException.class);
                    if (certificateEncodingException != null) {
                        qVar = new q(q.a.ERROR);
                        qVar.c(certificateEncodingException.toString());
                    }
                }
            }
        }
        if (qVar == null) {
            qVar = new q(q.a.WARN);
            qVar.c(certificateException.toString());
        }
        u uVar = new u();
        uVar.c(qVar);
        a0Var.a(PkixProfile.class, uVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void validateByCert(ValidationContext validationContext) {
        CertPath certPath;
        PkixProfile pkixProfile = (PkixProfile) getProfile(PkixProfile.class);
        if (pkixProfile == null) {
            throw new z("missing pkix profile");
        }
        Certificate certificate = (Certificate) validationContext.get(ValidationContext.CERT);
        JcaValidationContext jcaValidationContext = new JcaValidationContext();
        KeyStore trustStore = pkixProfile.getTrustStore();
        if (trustStore == null) {
            try {
                trustStore = pkixProfile.getDefaultTrustStore();
            } catch (CertificateException e10) {
                throw new z("Failed to initialize default trust store", e10);
            }
        }
        jcaValidationContext.setTrustStore(trustStore);
        jcaValidationContext.setReferenceDate(pkixProfile.getReferenceDate());
        Set<Certificate> intermediateCertificates = pkixProfile.getIntermediateCertificates();
        TrustAnchor trustAnchor = null;
        try {
            JcaValidationContext.Result validate = jcaValidationContext.validate(certificate, intermediateCertificates != null ? (Certificate[]) intermediateCertificates.toArray(new Certificate[intermediateCertificates.size()]) : null);
            certPath = validate.getCertPath();
            try {
                trustAnchor = validate.getTrustAnchor();
                e = null;
            } catch (CertificateException e11) {
                e = e11;
            }
        } catch (CertificateException e12) {
            e = e12;
            certPath = null;
        }
        if (certPath == null) {
            try {
                certPath = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(certificate));
            } catch (CertificateException e13) {
                throw new z("Failed to initialize certificate path", e13);
            }
        }
        validationContext.add(p.f7902a, certPath);
        validationContext.add(p.f7903b, trustAnchor);
        parseValidationException(e, (a0) validationContext.get(ValidationContext.WARNINGS));
    }

    @Override // com.blackberry.security.trustmgr.Validator
    public FutureResult<Void> validate(ValidationContext validationContext) {
        if (validationContext.contains(p.f7902a)) {
            throw new UnsupportedOperationException();
        }
        if (!validationContext.contains(ValidationContext.CERT)) {
            throw new z("Unsupported validation mode");
        }
        d dVar = new d();
        ((Executor) validationContext.get(ValidationContext.SHORT_TASK_EXECUTOR)).execute(new Worker(validationContext, dVar));
        return dVar;
    }
}
