package sun.security.provider.certpath;

import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import sun.security.util.Debug;

/* loaded from: classes.dex */
class PKIXMasterCertPathValidator {
    private static final Debug debug = Debug.getInstance("certpath");
    private List<PKIXCertPathChecker> certPathCheckers;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PKIXMasterCertPathValidator(List<PKIXCertPathChecker> list) {
        this.certPathCheckers = list;
    }

    private static boolean isRevocationCheck(PKIXCertPathChecker pKIXCertPathChecker, int i, List<PKIXCertPathChecker> list) {
        return (pKIXCertPathChecker instanceof OCSPChecker) && i + 1 < list.size() && (list.get(i + 1) instanceof CrlRevocationChecker);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void validate(CertPath certPath, List<X509Certificate> list) throws CertPathValidatorException {
        CertPathValidatorException certPathValidatorException;
        int i;
        int size = list.size();
        if (debug != null) {
            debug.println("--------------------------------------------------------------");
            debug.println("Executing PKIX certification path validation algorithm.");
        }
        for (int i2 = 0; i2 < size; i2++) {
            if (debug != null) {
                debug.println("Checking cert" + (i2 + 1) + " ...");
            }
            X509Certificate x509Certificate = list.get(i2);
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            Set<String> emptySet = criticalExtensionOIDs == null ? Collections.emptySet() : criticalExtensionOIDs;
            if (debug != null && !emptySet.isEmpty()) {
                debug.println("Set of critical extensions:");
                Iterator<String> it = emptySet.iterator();
                while (it.hasNext()) {
                    debug.println(it.next());
                }
            }
            CertPathValidatorException certPathValidatorException2 = null;
            int i3 = 0;
            while (i3 < this.certPathCheckers.size()) {
                PKIXCertPathChecker pKIXCertPathChecker = this.certPathCheckers.get(i3);
                if (debug != null) {
                    debug.println("-Using checker" + (i3 + 1) + " ... [" + pKIXCertPathChecker.getClass().getName() + "]");
                }
                if (i2 == 0) {
                    pKIXCertPathChecker.init(false);
                }
                try {
                    pKIXCertPathChecker.check(x509Certificate, emptySet);
                } catch (CertPathValidatorException e) {
                    if (certPathValidatorException2 != null && (pKIXCertPathChecker instanceof CrlRevocationChecker)) {
                        if (e.getReason() != CertPathValidatorException.BasicReason.REVOKED) {
                            throw certPathValidatorException2;
                        }
                        throw e;
                    }
                    certPathValidatorException = new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, size - (i2 + 1), e.getReason());
                    if (e.getReason() == CertPathValidatorException.BasicReason.REVOKED) {
                        throw certPathValidatorException;
                    }
                    if (!isRevocationCheck(pKIXCertPathChecker, i3, this.certPathCheckers)) {
                        throw certPathValidatorException;
                    }
                    if (debug != null) {
                        debug.println(e.getMessage());
                        debug.println("preparing to failover (from OCSP to CRLs)");
                    }
                }
                if (isRevocationCheck(pKIXCertPathChecker, i3, this.certPathCheckers)) {
                    if (debug != null) {
                        debug.println("-checker" + (i3 + 1) + " validation succeeded");
                    }
                    i = i3 + 1;
                    i3 = i + 1;
                } else {
                    certPathValidatorException = certPathValidatorException2;
                    if (debug != null) {
                        debug.println("-checker" + (i3 + 1) + " validation succeeded");
                    }
                    certPathValidatorException2 = certPathValidatorException;
                    i = i3;
                    i3 = i + 1;
                }
            }
            if (debug != null) {
                debug.println("checking for unresolvedCritExts");
            }
            if (!emptySet.isEmpty()) {
                throw new CertPathValidatorException("unrecognized critical extension(s)", null, certPath, size - (i2 + 1), PKIXReason.UNRECOGNIZED_CRIT_EXT);
            }
            if (debug != null) {
                debug.println("\ncert" + (i2 + 1) + " validation succeeded.\n");
            }
        }
        if (debug != null) {
            debug.println("Cert path validation succeeded. (PKIX validation algorithm)");
            debug.println("--------------------------------------------------------------");
        }
    }
}
