package sun.security.provider.certpath;

import com.sun.tools.doclets.TagletManager;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
import sun.security.x509.X500Name;

/* loaded from: input_file:efixes/PK83758_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/provider/certpath/BasicChecker.class */
class BasicChecker extends PKIXCertPathChecker {
    private static final Debug debug = Debug.getInstance("certpath");
    private final PublicKey trustedPubKey;
    private final X500Principal caName;
    private final Date testDate;
    private final String sigProvider;
    private final boolean sigOnly;
    private X500Principal prevSubject;
    private PublicKey prevPubKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public BasicChecker(PublicKey publicKey, X500Principal x500Principal, Date date, String str, boolean z) throws CertPathValidatorException {
        this.trustedPubKey = publicKey;
        this.caName = x500Principal;
        this.testDate = date;
        this.sigProvider = str;
        this.sigOnly = z;
        init(false);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.prevPubKey = this.trustedPubKey;
        this.prevSubject = this.caName;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!this.sigOnly) {
            verifyTimestamp(x509Certificate, this.testDate);
            verifyNameChaining(x509Certificate, this.prevSubject);
        }
        verifySignature(x509Certificate, this.prevPubKey, this.sigProvider);
        updateState(x509Certificate);
    }

    private void verifySignature(X509Certificate x509Certificate, PublicKey publicKey, String str) throws CertPathValidatorException {
        if (debug != null) {
            debug.println(new StringBuffer().append("---checking ").append("signature").append("...").toString());
        }
        try {
            x509Certificate.verify(publicKey, str);
            if (debug != null) {
                debug.println(new StringBuffer().append("signature").append(" verified.").toString());
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.println(e.getMessage());
                e.printStackTrace();
            }
            throw new CertPathValidatorException(new StringBuffer().append("signature").append(" check failed").toString(), e);
        }
    }

    private void verifyTimestamp(X509Certificate x509Certificate, Date date) throws CertPathValidatorException {
        if (debug != null) {
            debug.println(new StringBuffer().append("---checking ").append("timestamp").append(TagletManager.SIMPLE_TAGLET_OPT_SEPERATOR).append(date.toString()).append("...").toString());
        }
        try {
            x509Certificate.checkValidity(date);
            if (debug != null) {
                debug.println(new StringBuffer().append("timestamp").append(" verified.").toString());
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.println(e.getMessage());
                e.printStackTrace();
            }
            throw new CertPathValidatorException(new StringBuffer().append("timestamp").append(" check failed").toString(), e);
        }
    }

    private void verifyNameChaining(X509Certificate x509Certificate, X500Principal x500Principal) throws CertPathValidatorException {
        if (x500Principal != null) {
            if (debug != null) {
                debug.println(new StringBuffer().append("---checking ").append("subject/issuer name chaining").append("...").toString());
            }
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            if (X500Name.asX500Name(issuerX500Principal).isEmpty()) {
                throw new CertPathValidatorException(new StringBuffer().append("subject/issuer name chaining").append(" check failed: ").append("empty/null issuer DN in certificate is invalid").toString());
            }
            if (!issuerX500Principal.equals(x500Principal)) {
                throw new CertPathValidatorException(new StringBuffer().append("subject/issuer name chaining").append(" check failed").toString());
            }
            if (debug != null) {
                debug.println(new StringBuffer().append("subject/issuer name chaining").append(" verified.").toString());
            }
        }
    }

    private void updateState(X509Certificate x509Certificate) throws CertPathValidatorException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (debug != null) {
            debug.println(new StringBuffer().append("BasicChecker.updateState issuer: ").append(x509Certificate.getIssuerX500Principal().toString()).append("; subject: ").append(x509Certificate.getSubjectX500Principal()).append("; serial#: ").append(x509Certificate.getSerialNumber().toString()).toString());
        }
        if ((publicKey instanceof DSAPublicKey) && ((DSAPublicKey) publicKey).getParams() == null) {
            publicKey = makeInheritedParamsKey(publicKey, this.prevPubKey);
            if (debug != null) {
                debug.println("BasicChecker.updateState Made key with inherited params");
            }
        }
        this.prevPubKey = publicKey;
        this.prevSubject = x509Certificate.getSubjectX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey makeInheritedParamsKey(PublicKey publicKey, PublicKey publicKey2) throws CertPathValidatorException {
        if (!(publicKey instanceof DSAPublicKey) || !(publicKey2 instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("Input key is not appropriate type for inheriting parameters");
        }
        DSAParams params = ((DSAPublicKey) publicKey2).getParams();
        if (params == null) {
            throw new CertPathValidatorException("Key parameters missing");
        }
        try {
            return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(((DSAPublicKey) publicKey).getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e) {
            throw new CertPathValidatorException(new StringBuffer().append("Unable to generate key with inherited parameters: ").append(e.getMessage()).toString(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PublicKey getPublicKey() {
        return this.prevPubKey;
    }
}
