package com.airwatch.revocationcheck;

import android.text.TextUtils;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.revocationcheck.CertificateUsagePolicy;
import com.airwatch.revocationcheck.RevocationCheckResponse;
import ff.b0;
import ff.q;
import io.netty.handler.codec.rtsp.RtspHeaders;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import kn.l;
import kotlin.Metadata;
import kotlin.jvm.internal.Lambda;
import ln.o;
import xd.h;

@Metadata(d1 = {"\u0000j\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0011\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\n\n\u0002\u0018\u0002\n\u0002\b\u0011\b\u0017\u0018\u0000 /2\u00020\u0001:\u00012B3\b\u0000\u0012\u0018\u0010\u0006\u001a\u0014\u0012\u0004\u0012\u00020\u0003\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00050\u00040\u0002\u0012\u0006\u0010\b\u001a\u00020\u0007\u0012\u0006\u0010\n\u001a\u00020\t¢\u0006\u0004\b\u000b\u0010\fJ\u001f\u0010\u0012\u001a\u00020\u00112\u0006\u0010\u000e\u001a\u00020\r2\u0006\u0010\u0010\u001a\u00020\u000fH\u0012¢\u0006\u0004\b\u0012\u0010\u0013J3\u0010\u001a\u001a\u00020\u00192\u0006\u0010\u0015\u001a\u00020\u00142\b\b\u0002\u0010\u0017\u001a\u00020\u00162\b\b\u0002\u0010\u000e\u001a\u00020\r2\u0006\u0010\u0018\u001a\u00020\u000fH\u0012¢\u0006\u0004\b\u001a\u0010\u001bJ;\u0010\u001d\u001a\u00020\r2\u0006\u0010\u0015\u001a\u00020\u00142\f\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\u0018\u001a\u00020\u000fH\u0012¢\u0006\u0004\b\u001d\u0010\u001eJ3\u0010!\u001a\n\u0012\u0004\u0012\u00020\u0005\u0018\u00010\u00042\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00050\u001f2\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004H\u0012¢\u0006\u0004\b!\u0010\"J\u000f\u0010$\u001a\u00020#H\u0012¢\u0006\u0004\b$\u0010%J3\u0010&\u001a\u00020#2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00050\u001f2\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\u0018\u001a\u00020\u000fH\u0012¢\u0006\u0004\b&\u0010'J\u0017\u0010(\u001a\u00020#2\u0006\u0010\u0018\u001a\u00020\u000fH\u0012¢\u0006\u0004\b(\u0010)J%\u0010+\u001a\u00020#2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00050\u001f2\u0006\u0010*\u001a\u00020\u0019H\u0012¢\u0006\u0004\b+\u0010,J\u0017\u0010/\u001a\u00020.2\u0006\u0010-\u001a\u00020\u000fH\u0017¢\u0006\u0004\b/\u00100J'\u00102\u001a\u00020\u00192\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00050\u001f2\b\u00101\u001a\u0004\u0018\u00010\u0019H\u0016¢\u0006\u0004\b2\u00103J\u0017\u00105\u001a\u00020\u00112\u0006\u00104\u001a\u00020\u0003H\u0016¢\u0006\u0004\b5\u00106R\u0014\u0010\n\u001a\u00020\t8\u0012X\u0092\u0004¢\u0006\u0006\n\u0004\b2\u00107R\u0018\u00104\u001a\u0004\u0018\u00010\u00038\u0012@\u0012X\u0092\u000e¢\u0006\u0006\n\u0004\b5\u00108R\u0014\u0010\b\u001a\u00020\u00078\u0012X\u0092\u0004¢\u0006\u0006\n\u0004\b9\u0010:R&\u0010\u0006\u001a\u0014\u0012\u0004\u0012\u00020\u0003\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00050\u00040\u00028\u0012X\u0092\u0004¢\u0006\u0006\n\u0004\b\u0012\u0010;R\u0014\u0010>\u001a\u00020\u00168RX\u0092\u0004¢\u0006\u0006\u001a\u0004\b<\u0010=¨\u0006?"}, d2 = {"Lcom/airwatch/revocationcheck/b;", "Lxd/h;", "Lkotlin/Function1;", "Lcom/airwatch/revocationcheck/RevocationCheckConfig;", "", "Ljava/security/cert/X509Certificate;", "trustedCerts", "Lcom/airwatch/crypto/openssl/OpenSSLCryptUtil;", "openSSLUtil", "Lff/q;", "certUtils", "<init>", "(Lkn/l;Lcom/airwatch/crypto/openssl/OpenSSLCryptUtil;Lff/q;)V", "Lcom/airwatch/revocationcheck/RevocationCheckResponse$Envelope;", "envelope", "Lcom/airwatch/revocationcheck/a$a;", "policyBuilder", "Lzm/x;", "d", "(Lcom/airwatch/revocationcheck/RevocationCheckResponse$Envelope;Lcom/airwatch/revocationcheck/a$a;)V", "", "certSubject", "", RtspHeaders.Values.TTL, "usagePolicyBuilder", "Lcom/airwatch/revocationcheck/RevocationCheckResponse;", "f", "(Ljava/lang/String;ILcom/airwatch/revocationcheck/RevocationCheckResponse$Envelope;Lcom/airwatch/revocationcheck/a$a;)Lcom/airwatch/revocationcheck/RevocationCheckResponse;", "certChain", "h", "(Ljava/lang/String;Ljava/util/List;Ljava/util/List;Lcom/airwatch/revocationcheck/a$a;)Lcom/airwatch/revocationcheck/RevocationCheckResponse$Envelope;", "", "chain", "i", "([Ljava/security/cert/X509Certificate;Ljava/util/List;)Ljava/util/List;", "", "k", "()Z", "l", "([Ljava/security/cert/X509Certificate;Ljava/util/List;Lcom/airwatch/revocationcheck/a$a;)Z", "m", "(Lcom/airwatch/revocationcheck/a$a;)Z", "response", "n", "([Ljava/security/cert/X509Certificate;Lcom/airwatch/revocationcheck/RevocationCheckResponse;)Z", "builder", "Lcom/airwatch/revocationcheck/a;", "e", "(Lcom/airwatch/revocationcheck/a$a;)Lcom/airwatch/revocationcheck/a;", "previousResponse", "a", "([Ljava/security/cert/X509Certificate;Lcom/airwatch/revocationcheck/RevocationCheckResponse;)Lcom/airwatch/revocationcheck/RevocationCheckResponse;", "config", "b", "(Lcom/airwatch/revocationcheck/RevocationCheckConfig;)V", "Lff/q;", "Lcom/airwatch/revocationcheck/RevocationCheckConfig;", "c", "Lcom/airwatch/crypto/openssl/OpenSSLCryptUtil;", "Lkn/l;", "j", "()I", "optionsFlag", "AWFramework_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
public class b implements h {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final q certUtils;

    /* renamed from: b, reason: collision with root package name and from kotlin metadata */
    private RevocationCheckConfig config;

    /* renamed from: c, reason: collision with root package name and from kotlin metadata */
    private final OpenSSLCryptUtil openSSLUtil;

    /* renamed from: d, reason: collision with root package name and from kotlin metadata */
    private final l<RevocationCheckConfig, List<X509Certificate>> trustedCerts;

    @Metadata(d1 = {"\u0000\u000e\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0003\u0010\u0004"}, d2 = {"", "e", "", "a", "(I)Ljava/lang/Boolean;"}, k = 3, mv = {1, 9, 0})
    /* renamed from: com.airwatch.revocationcheck.b$b, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static final class C0195b extends Lambda implements l<Integer, Boolean> {
        C0195b() {
            super(1);
        }

        public final Boolean a(int i10) {
            boolean z10;
            if (i10 != 0) {
                RevocationCheckConfig revocationCheckConfig = b.this.config;
                o.c(revocationCheckConfig);
                if (revocationCheckConfig.getRevocationStrictness() != 0) {
                    z10 = false;
                    return Boolean.valueOf(z10);
                }
            }
            z10 = true;
            return Boolean.valueOf(z10);
        }

        @Override // kn.l
        public /* bridge */ /* synthetic */ Boolean invoke(Integer num) {
            return a(num.intValue());
        }
    }

    @Metadata(d1 = {"\u0000\u000e\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0003\u0010\u0004"}, d2 = {"", "it", "", "a", "(I)Ljava/lang/Boolean;"}, k = 3, mv = {1, 9, 0})
    /* loaded from: classes2.dex */
    public static final class c extends Lambda implements l<Integer, Boolean> {

        /* renamed from: c, reason: collision with root package name */
        final /* synthetic */ RevocationCheckResponse f14754c;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        c(RevocationCheckResponse revocationCheckResponse) {
            super(1);
            this.f14754c = revocationCheckResponse;
        }

        public final Boolean a(int i10) {
            return Boolean.valueOf(this.f14754c.getUsagePolicy().getAllowUsage());
        }

        @Override // kn.l
        public /* bridge */ /* synthetic */ Boolean invoke(Integer num) {
            return a(num.intValue());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public b(l<? super RevocationCheckConfig, ? extends List<? extends X509Certificate>> lVar, OpenSSLCryptUtil openSSLCryptUtil, q qVar) {
        o.f(lVar, "trustedCerts");
        o.f(openSSLCryptUtil, "openSSLUtil");
        o.f(qVar, "certUtils");
        this.trustedCerts = lVar;
        this.openSSLUtil = openSSLCryptUtil;
        this.certUtils = qVar;
    }

    private void d(RevocationCheckResponse.Envelope envelope, CertificateUsagePolicy.C0194a policyBuilder) {
        int i10;
        b0.h("OCSPChecker", "Revocation Status from Envelope: " + envelope.getStatus(), null, 4, null);
        int status = envelope.getStatus();
        if (status != 0) {
            if (status == 1) {
                i10 = 32;
            } else if (status != 2) {
                return;
            } else {
                i10 = 16;
            }
            policyBuilder.a(i10);
            return;
        }
        RevocationCheckConfig revocationCheckConfig = this.config;
        o.c(revocationCheckConfig);
        if (revocationCheckConfig.getRevocationCheckNonceEnforced() == 1 && !envelope.getNonceVerified()) {
            b0.h("OCSPChecker", "Nonce verification failed", null, 4, null);
            policyBuilder.a(8);
        }
        if (envelope.getVerified()) {
            return;
        }
        b0.h("OCSPChecker", "Response verification failed", null, 4, null);
        policyBuilder.a(4);
    }

    private RevocationCheckResponse f(String certSubject, int ttl, RevocationCheckResponse.Envelope envelope, CertificateUsagePolicy.C0194a usagePolicyBuilder) {
        d(envelope, usagePolicyBuilder);
        return new RevocationCheckResponse(envelope, e(usagePolicyBuilder), ttl);
    }

    static /* synthetic */ RevocationCheckResponse g(b bVar, String str, int i10, RevocationCheckResponse.Envelope envelope, CertificateUsagePolicy.C0194a c0194a, int i11, Object obj) {
        if (obj != null) {
            throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: buildResponse");
        }
        if ((i11 & 2) != 0) {
            i10 = 7;
        }
        if ((i11 & 4) != 0) {
            envelope = new RevocationCheckResponse.Envelope(str);
        }
        return bVar.f(str, i10, envelope, c0194a);
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0091  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0074  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.airwatch.revocationcheck.RevocationCheckResponse.Envelope h(java.lang.String r11, java.util.List<? extends java.security.cert.X509Certificate> r12, java.util.List<? extends java.security.cert.X509Certificate> r13, com.airwatch.revocationcheck.CertificateUsagePolicy.C0194a r14) {
        /*
            r10 = this;
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r1 = "executeRevocationCheck() "
            r0.append(r1)
            r0.append(r11)
            java.lang.String r0 = r0.toString()
            java.lang.String r1 = "OCSPChecker"
            r2 = 0
            r3 = 4
            ff.b0.h(r1, r0, r2, r3, r2)
            com.airwatch.revocationcheck.CertificateChainAsList r9 = new com.airwatch.revocationcheck.CertificateChainAsList
            r9.<init>(r13)
            com.airwatch.revocationcheck.RevocationCheckResponse$Envelope r13 = new com.airwatch.revocationcheck.RevocationCheckResponse$Envelope
            r13.<init>(r11)
            com.airwatch.revocationcheck.CertificateChainAsList r5 = new com.airwatch.revocationcheck.CertificateChainAsList
            r5.<init>(r12)
            com.airwatch.revocationcheck.RevocationCheckConfig r12 = r10.config
            ln.o.c(r12)
            int r12 = r12.getRevocationCheckUseAia()
            r0 = 2
            if (r12 == r0) goto L4e
            com.airwatch.revocationcheck.RevocationCheckConfig r12 = r10.config
            ln.o.c(r12)
            java.lang.String r12 = r12.getRevocationCheckUrl()
            boolean r12 = android.text.TextUtils.isEmpty(r12)
            if (r12 == 0) goto L43
            goto L4e
        L43:
            com.airwatch.revocationcheck.RevocationCheckConfig r12 = r10.config
            ln.o.c(r12)
            java.lang.String r12 = r12.getRevocationCheckUrl()
            r7 = r12
            goto L4f
        L4e:
            r7 = r2
        L4f:
            java.lang.StringBuilder r12 = new java.lang.StringBuilder
            r12.<init>()
            java.lang.String r4 = "executing ocsp check over: "
            r12.append(r4)
            r12.append(r11)
            java.lang.String r11 = r12.toString()
            ff.b0.A(r1, r11, r2, r3, r2)
            com.airwatch.crypto.openssl.OpenSSLCryptUtil r4 = r10.openSSLUtil
            int r6 = r10.j()
            r8 = r13
            int r11 = r4.doRevocationCheck(r5, r6, r7, r8, r9)
            java.lang.String r12 = r13.getCertSubject()
            if (r11 != 0) goto L91
            java.lang.StringBuilder r14 = new java.lang.StringBuilder
            r14.<init>()
            java.lang.String r0 = "Revocation check result for "
            r14.append(r0)
            r14.append(r12)
            java.lang.String r12 = ": "
            r14.append(r12)
            r14.append(r11)
            java.lang.String r11 = r14.toString()
            ff.b0.h(r1, r11, r2, r3, r2)
            return r13
        L91:
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>()
            java.lang.String r5 = "Revocation check failed for "
            r4.append(r5)
            r4.append(r12)
            java.lang.String r12 = " with reason code: "
            r4.append(r12)
            r4.append(r11)
            java.lang.String r12 = r4.toString()
            ff.b0.S(r1, r12, r2, r3, r2)
            r14.a(r0)
            switch(r11) {
                case -17: goto Lbd;
                case -16: goto Lba;
                case -15: goto Lb4;
                default: goto Lb3;
            }
        Lb3:
            goto Lc0
        Lb4:
            r11 = 256(0x100, float:3.59E-43)
        Lb6:
            r14.a(r11)
            goto Lc0
        Lba:
            r11 = 128(0x80, float:1.8E-43)
            goto Lb6
        Lbd:
            r14.a(r3)
        Lc0:
            return r13
        */
        throw new UnsupportedOperationException("Method not decompiled: com.airwatch.revocationcheck.b.h(java.lang.String, java.util.List, java.util.List, com.airwatch.revocationcheck.a$a):com.airwatch.revocationcheck.RevocationCheckResponse$Envelope");
    }

    private List<X509Certificate> i(X509Certificate[] chain, List<? extends X509Certificate> trustedCerts) {
        RevocationCheckConfig revocationCheckConfig = this.config;
        o.c(revocationCheckConfig);
        if (revocationCheckConfig.getRevocationCheckType() == 0) {
            b0.h("OCSPChecker", "Check type : entire chain", null, 4, null);
            return this.certUtils.b(chain, trustedCerts);
        }
        b0.h("OCSPChecker", "Check type : leaf cert", null, 4, null);
        return chain.length < 2 ? this.certUtils.c(chain[0], trustedCerts) : Arrays.asList(Arrays.copyOf(chain, chain.length)).subList(0, 2);
    }

    private int j() {
        RevocationCheckConfig revocationCheckConfig = this.config;
        o.c(revocationCheckConfig);
        int i10 = revocationCheckConfig.getRevocationCheckNonceEnforced() == 1 ? 1 : 0;
        RevocationCheckConfig revocationCheckConfig2 = this.config;
        o.c(revocationCheckConfig2);
        if (revocationCheckConfig2.getRevocationCheckUseAia() != 0) {
            i10 |= 2;
        }
        RevocationCheckConfig revocationCheckConfig3 = this.config;
        o.c(revocationCheckConfig3);
        if (revocationCheckConfig3.getRevocationCheckType() == 1) {
            i10 |= 4;
        }
        RevocationCheckConfig revocationCheckConfig4 = this.config;
        o.c(revocationCheckConfig4);
        return revocationCheckConfig4.getRevocationCheckResponseVerificationSetting() == 1 ? i10 | 8 : i10;
    }

    private boolean k() {
        RevocationCheckConfig revocationCheckConfig = this.config;
        o.c(revocationCheckConfig);
        return revocationCheckConfig.getRevocationCheckUsingOCSPEnabled() == 1;
    }

    private boolean l(X509Certificate[] chain, List<? extends X509Certificate> trustedCerts, CertificateUsagePolicy.C0194a usagePolicyBuilder) {
        if (this.certUtils.g(chain, trustedCerts)) {
            return true;
        }
        usagePolicyBuilder.a(64);
        return false;
    }

    private boolean m(CertificateUsagePolicy.C0194a usagePolicyBuilder) {
        if (this.config == null) {
            throw new CheckerInitializationException();
        }
        if (!k()) {
            b0.h("OCSPChecker", "Revocation check not setup/enabled, returning", null, 4, null);
            return false;
        }
        RevocationCheckConfig revocationCheckConfig = this.config;
        o.c(revocationCheckConfig);
        if (revocationCheckConfig.getRevocationCheckUseAia() != 0) {
            return true;
        }
        RevocationCheckConfig revocationCheckConfig2 = this.config;
        o.c(revocationCheckConfig2);
        if (!TextUtils.isEmpty(revocationCheckConfig2.getRevocationCheckUrl())) {
            return true;
        }
        b0.h("OCSPChecker", "Revocation check URL not available", null, 4, null);
        usagePolicyBuilder.a(256);
        return false;
    }

    private boolean n(X509Certificate[] chain, RevocationCheckResponse response) {
        return o.b(response.getCertSubject(), chain[0].getSubjectDN().getName()) && response.getIo.netty.handler.codec.rtsp.RtspHeaders.Values.TTL java.lang.String() > System.currentTimeMillis();
    }

    @Override // xd.h
    public RevocationCheckResponse a(X509Certificate[] chain, RevocationCheckResponse previousResponse) throws CheckerInitializationException, EmptyCertificateChainException {
        o.f(chain, "chain");
        b0.h("OCSPChecker", "check() called", null, 4, null);
        if (chain.length == 0) {
            throw new EmptyCertificateChainException();
        }
        String name = chain[0].getSubjectDN().getName();
        CertificateUsagePolicy.C0194a c0194a = new CertificateUsagePolicy.C0194a();
        if (!m(c0194a)) {
            o.c(name);
            return g(this, name, 0, null, c0194a, 6, null);
        }
        l<RevocationCheckConfig, List<X509Certificate>> lVar = this.trustedCerts;
        RevocationCheckConfig revocationCheckConfig = this.config;
        o.c(revocationCheckConfig);
        List<X509Certificate> invoke = lVar.invoke(revocationCheckConfig);
        List<X509Certificate> i10 = i(chain, invoke);
        List<X509Certificate> list = i10;
        if (list == null || list.isEmpty()) {
            c0194a.a(64);
            c0194a.a(1);
            o.c(name);
            return g(this, name, 0, null, c0194a, 6, null);
        }
        l(chain, invoke, c0194a);
        if (previousResponse == null || !n(chain, previousResponse)) {
            o.c(name);
            RevocationCheckResponse.Envelope h10 = h(name, i10, invoke, c0194a);
            if (previousResponse != null && c0194a.d(128)) {
                RevocationCheckConfig revocationCheckConfig2 = this.config;
                o.c(revocationCheckConfig2);
                if (revocationCheckConfig2.getRevocationStrictness() == 1) {
                    return new RevocationCheckResponse(previousResponse.getCertSubject(), previousResponse.getIo.netty.handler.codec.rtsp.RtspHeaders.Values.TTL java.lang.String(), previousResponse.getRevokedAt(), previousResponse.getStatus(), previousResponse.getVerified(), previousResponse.getNonceVerified(), new CertificateUsagePolicy.C0194a().a(previousResponse.getUsagePolicy().getError()).a(128).b(new c(previousResponse)));
                }
            }
            RevocationCheckConfig revocationCheckConfig3 = this.config;
            o.c(revocationCheckConfig3);
            return f(name, revocationCheckConfig3.getRevocationStatusTtl(), h10, c0194a);
        }
        b0.h("OCSPChecker", "Using cache response for " + previousResponse.getCertSubject(), null, 4, null);
        b0.h("OCSPChecker", "Previous response TTL=" + previousResponse.getIo.netty.handler.codec.rtsp.RtspHeaders.Values.TTL java.lang.String(), null, 4, null);
        o.c(name);
        return f(name, (int) previousResponse.getIo.netty.handler.codec.rtsp.RtspHeaders.Values.TTL java.lang.String(), previousResponse.b(), c0194a);
    }

    @Override // xd.h
    public void b(RevocationCheckConfig config) {
        o.f(config, "config");
        this.config = config;
    }

    public CertificateUsagePolicy e(CertificateUsagePolicy.C0194a builder) {
        o.f(builder, "builder");
        return builder.b(new C0195b());
    }
}
