package io.netty.handler.ssl.ocsp;

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.resolver.dns.DnsNameResolver;
import io.netty.resolver.dns.DnsNameResolverBuilder;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import io.netty.util.internal.ObjectUtil;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import ww0.a;

/* loaded from: classes4.dex */
public class OcspServerCertificateValidator extends ChannelInboundHandlerAdapter {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private final boolean closeAndThrowIfNotValid;
    private final DnsNameResolver dnsNameResolver;
    private final IoTransport ioTransport;
    private final boolean validateNonce;

    public OcspServerCertificateValidator() {
        this(false);
    }

    public OcspServerCertificateValidator(boolean z11) {
        this(z11, IoTransport.DEFAULT);
    }

    public OcspServerCertificateValidator(boolean z11, IoTransport ioTransport) {
        this(z11, ioTransport, createDefaultResolver(ioTransport));
    }

    public OcspServerCertificateValidator(boolean z11, IoTransport ioTransport, DnsNameResolver dnsNameResolver) {
        this(true, z11, ioTransport, dnsNameResolver);
    }

    public OcspServerCertificateValidator(boolean z11, boolean z12, IoTransport ioTransport, DnsNameResolver dnsNameResolver) {
        this.closeAndThrowIfNotValid = z11;
        this.validateNonce = z12;
        this.ioTransport = (IoTransport) ObjectUtil.checkNotNull(ioTransport, "IoTransport");
        this.dnsNameResolver = (DnsNameResolver) ObjectUtil.checkNotNull(dnsNameResolver, "DnsNameResolver");
    }

    public static DnsNameResolver createDefaultResolver(IoTransport ioTransport) {
        return new DnsNameResolverBuilder().eventLoop(ioTransport.eventLoop()).channelFactory(ioTransport.datagramChannel()).socketChannelFactory(ioTransport.socketChannel()).build();
    }

    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th2) {
        channelHandlerContext.channel().close();
    }

    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
    public void userEventTriggered(final ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        channelHandlerContext.fireUserEventTriggered(obj);
        if (obj instanceof SslHandshakeCompletionEvent) {
            if (((SslHandshakeCompletionEvent) obj).isSuccess()) {
                Certificate[] peerCertificates = ((SslHandler) channelHandlerContext.pipeline().get(SslHandler.class)).engine().getSession().getPeerCertificates();
                OcspClient.query((X509Certificate) peerCertificates[0], (X509Certificate) peerCertificates[1], this.validateNonce, this.ioTransport, this.dnsNameResolver).addListener((GenericFutureListener<? extends Future<? super a>>) new GenericFutureListener<Future<a>>() { // from class: io.netty.handler.ssl.ocsp.OcspServerCertificateValidator.1
                    /* JADX WARN: Code restructure failed: missing block: B:9:0x003c, code lost:
                    
                        if (r0.before(r1 == null ? null : ww0.g.a(r1)) == false) goto L12;
                     */
                    @Override // io.netty.util.concurrent.GenericFutureListener
                    /*
                        Code decompiled incorrectly, please refer to instructions dump.
                        To view partially-correct add '--show-bad-code' argument
                    */
                    public void operationComplete(io.netty.util.concurrent.Future<ww0.a> r7) throws java.lang.Exception {
                        /*
                            r6 = this;
                            boolean r0 = r7.isSuccess()
                            if (r0 == 0) goto Lb1
                            java.lang.Object r7 = r7.get()
                            ww0.a r7 = (ww0.a) r7
                            g00.a[] r7 = r7.a()
                            r0 = 0
                            r7 = r7[r0]
                            java.util.Date r0 = new java.util.Date
                            r0.<init>()
                            java.lang.Object r1 = r7.f36489b
                            kw0.m r1 = (kw0.m) r1
                            vv0.l r1 = r1.f45700d
                            java.util.Date r1 = ww0.g.a(r1)
                            boolean r1 = r0.after(r1)
                            r2 = 0
                            java.lang.Object r3 = r7.f36489b
                            if (r1 == 0) goto L3e
                            r1 = r3
                            kw0.m r1 = (kw0.m) r1
                            vv0.l r1 = r1.f45701e
                            if (r1 != 0) goto L34
                            r1 = r2
                            goto L38
                        L34:
                            java.util.Date r1 = ww0.g.a(r1)
                        L38:
                            boolean r0 = r0.before(r1)
                            if (r0 != 0) goto L4a
                        L3e:
                            io.netty.channel.ChannelHandlerContext r0 = r2
                            java.lang.IllegalStateException r1 = new java.lang.IllegalStateException
                            java.lang.String r4 = "OCSP Response is out-of-date"
                            r1.<init>(r4)
                            r0.fireExceptionCaught(r1)
                        L4a:
                            ww0.c r0 = r7.a()
                            if (r0 != 0) goto L53
                            io.netty.handler.ssl.ocsp.OcspResponse$Status r7 = io.netty.handler.ssl.ocsp.OcspResponse.Status.VALID
                            goto L60
                        L53:
                            ww0.c r7 = r7.a()
                            boolean r7 = r7 instanceof ww0.h
                            if (r7 == 0) goto L5e
                            io.netty.handler.ssl.ocsp.OcspResponse$Status r7 = io.netty.handler.ssl.ocsp.OcspResponse.Status.REVOKED
                            goto L60
                        L5e:
                            io.netty.handler.ssl.ocsp.OcspResponse$Status r7 = io.netty.handler.ssl.ocsp.OcspResponse.Status.UNKNOWN
                        L60:
                            io.netty.channel.ChannelHandlerContext r0 = r2
                            io.netty.handler.ssl.ocsp.OcspValidationEvent r1 = new io.netty.handler.ssl.ocsp.OcspValidationEvent
                            io.netty.handler.ssl.ocsp.OcspResponse r4 = new io.netty.handler.ssl.ocsp.OcspResponse
                            r5 = r3
                            kw0.m r5 = (kw0.m) r5
                            vv0.l r5 = r5.f45700d
                            java.util.Date r5 = ww0.g.a(r5)
                            kw0.m r3 = (kw0.m) r3
                            vv0.l r3 = r3.f45701e
                            if (r3 != 0) goto L76
                            goto L7a
                        L76:
                            java.util.Date r2 = ww0.g.a(r3)
                        L7a:
                            r4.<init>(r7, r5, r2)
                            r1.<init>(r4)
                            r0.fireUserEventTriggered(r1)
                            io.netty.handler.ssl.ocsp.OcspResponse$Status r0 = io.netty.handler.ssl.ocsp.OcspResponse.Status.VALID
                            if (r7 == r0) goto Lba
                            io.netty.handler.ssl.ocsp.OcspServerCertificateValidator r0 = io.netty.handler.ssl.ocsp.OcspServerCertificateValidator.this
                            boolean r0 = io.netty.handler.ssl.ocsp.OcspServerCertificateValidator.access$000(r0)
                            if (r0 == 0) goto Lba
                            io.netty.channel.ChannelHandlerContext r0 = r2
                            io.netty.channel.Channel r0 = r0.channel()
                            r0.close()
                            io.netty.channel.ChannelHandlerContext r6 = r2
                            org.bouncycastle.cert.ocsp.OCSPException r0 = new org.bouncycastle.cert.ocsp.OCSPException
                            java.lang.StringBuilder r1 = new java.lang.StringBuilder
                            java.lang.String r2 = "Certificate not valid. Status: "
                            r1.<init>(r2)
                            r1.append(r7)
                            java.lang.String r7 = r1.toString()
                            r0.<init>(r7)
                            r6.fireExceptionCaught(r0)
                            goto Lba
                        Lb1:
                            io.netty.channel.ChannelHandlerContext r6 = r2
                            java.lang.Throwable r7 = r7.cause()
                            r6.fireExceptionCaught(r7)
                        Lba:
                            return
                        */
                        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.ocsp.OcspServerCertificateValidator.AnonymousClass1.operationComplete(io.netty.util.concurrent.Future):void");
                    }
                });
            }
            channelHandlerContext.pipeline().remove(this);
        }
    }
}
