package org.bouncycastle.jce.provider;

import L8.AbstractC0607l;
import L8.AbstractC0610o;
import L8.AbstractC0613s;
import L8.C0602g;
import L8.C0603h;
import L8.C0605j;
import L8.C0609n;
import L8.InterfaceC0600e;
import L8.InterfaceC0615u;
import L8.U;
import L9.m;
import L9.n;
import P8.a;
import P9.b;
import P9.c;
import b9.C1071a;
import b9.C1072b;
import b9.C1073c;
import b9.C1076f;
import b9.C1077g;
import b9.C1078h;
import b9.C1079i;
import b9.C1080j;
import b9.C1081k;
import b9.C1082l;
import b9.InterfaceC1074d;
import com.google.android.gms.internal.mlkit_vision_barcode_bundled.B0;
import d9.u;
import e9.InterfaceC1487a;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import k9.C1746a;
import l9.C1780B;
import l9.C1790L;
import l9.C1797a;
import l9.C1798b;
import l9.C1804h;
import l9.C1809m;
import l9.C1816t;
import l9.C1818v;
import w2.AbstractC2706a;
import wa.h;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class ProvOcspRevocationChecker implements m {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final b helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private n parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C0609n("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(d9.n.f40893O0, "SHA224WITHRSA");
        hashMap.put(d9.n.f40890L0, "SHA256WITHRSA");
        hashMap.put(d9.n.f40891M0, "SHA384WITHRSA");
        hashMap.put(d9.n.f40892N0, "SHA512WITHRSA");
        hashMap.put(a.f7946m, "GOST3411WITHGOST3410");
        hashMap.put(a.f7947n, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC1487a.f41115g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC1487a.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(H9.a.f2670a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(H9.a.f2671b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(H9.a.f2672c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(H9.a.f2673d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(H9.a.f2674e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(H9.a.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(J9.a.f3436a, "SHA1WITHCVC-ECDSA");
        hashMap.put(J9.a.f3437b, "SHA224WITHCVC-ECDSA");
        hashMap.put(J9.a.f3438c, "SHA256WITHCVC-ECDSA");
        hashMap.put(J9.a.f3439d, "SHA384WITHCVC-ECDSA");
        hashMap.put(J9.a.f3440e, "SHA512WITHCVC-ECDSA");
        hashMap.put(U8.a.f8777a, "XMSS");
        hashMap.put(U8.a.f8778b, "XMSSMT");
        hashMap.put(new C0609n("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C0609n("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C0609n("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(m9.n.Y1, "SHA1WITHECDSA");
        hashMap.put(m9.n.b2, "SHA224WITHECDSA");
        hashMap.put(m9.n.f46975c2, "SHA256WITHECDSA");
        hashMap.put(m9.n.d2, "SHA384WITHECDSA");
        hashMap.put(m9.n.e2, "SHA512WITHECDSA");
        hashMap.put(c9.b.h, "SHA1WITHRSA");
        hashMap.put(c9.b.f26303g, "SHA1WITHDSA");
        hashMap.put(Y8.b.f9790P, "SHA224WITHDSA");
        hashMap.put(Y8.b.f9791Q, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, b bVar) {
        this.parent = provRevocationChecker;
        this.helper = bVar;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C1790L.w(publicKey.getEncoded()).f46591b.G());
    }

    private C1072b createCertID(C1072b c1072b, C1809m c1809m, C0605j c0605j) {
        return createCertID(c1072b.f26098a, c1809m, c0605j);
    }

    /* JADX WARN: Type inference failed for: r6v7, types: [b9.b, java.lang.Object] */
    private C1072b createCertID(C1798b c1798b, C1809m c1809m, C0605j c0605j) {
        try {
            MessageDigest j10 = this.helper.j(c.a(c1798b.f46638a));
            AbstractC0610o abstractC0610o = new AbstractC0610o(j10.digest(c1809m.f46667b.h.s("DER")));
            AbstractC0610o abstractC0610o2 = new AbstractC0610o(j10.digest(c1809m.f46667b.f46607q.f46591b.G()));
            ?? obj = new Object();
            obj.f26098a = c1798b;
            obj.f26099b = abstractC0610o;
            obj.f26100c = abstractC0610o2;
            obj.f26101d = c0605j;
            return obj;
        } catch (Exception e2) {
            throw new CertPathValidatorException("problem creating ID: " + e2, e2);
        }
    }

    private C1809m extractCert() {
        try {
            return C1809m.w(this.parameters.f6889e.getEncoded());
        } catch (Exception e2) {
            String i2 = B0.i(e2, new StringBuilder("cannot process signing cert: "));
            n nVar = this.parameters;
            throw new CertPathValidatorException(i2, e2, nVar.f6887c, nVar.f6888d);
        }
    }

    private static String getDigestName(C0609n c0609n) {
        String a10 = c.a(c0609n);
        int indexOf = a10.indexOf(45);
        if (indexOf <= 0 || a10.startsWith("SHA3")) {
            return a10;
        }
        return a10.substring(0, indexOf) + a10.substring(indexOf + 1);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v1, types: [l9.h, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v2, types: [l9.a, java.lang.Object] */
    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        C1804h c1804h;
        C1797a c1797a;
        byte[] extensionValue = x509Certificate.getExtensionValue(C1816t.f46691J2.f6831a);
        if (extensionValue != null) {
            byte[] bArr = AbstractC0610o.H(extensionValue).f6836a;
            if (bArr instanceof C1804h) {
                c1804h = (C1804h) bArr;
            } else if (bArr != 0) {
                AbstractC0613s H10 = AbstractC0613s.H(bArr);
                ?? obj = new Object();
                if (H10.size() < 1) {
                    throw new IllegalArgumentException("sequence may not be empty");
                }
                obj.f46656a = new C1797a[H10.size()];
                for (int i2 = 0; i2 != H10.size(); i2++) {
                    C1797a[] c1797aArr = obj.f46656a;
                    InterfaceC0600e I10 = H10.I(i2);
                    C0609n c0609n = C1797a.f46635c;
                    if (I10 instanceof C1797a) {
                        c1797a = (C1797a) I10;
                    } else if (I10 != null) {
                        AbstractC0613s H11 = AbstractC0613s.H(I10);
                        ?? obj2 = new Object();
                        obj2.f46636a = null;
                        obj2.f46637b = null;
                        if (H11.size() != 2) {
                            throw new IllegalArgumentException("wrong number of elements in sequence");
                        }
                        obj2.f46636a = C0609n.I(H11.I(0));
                        obj2.f46637b = C1818v.w(H11.I(1));
                        c1797a = obj2;
                    } else {
                        c1797a = null;
                    }
                    c1797aArr[i2] = c1797a;
                }
                c1804h = obj;
            } else {
                c1804h = null;
            }
            C1797a[] c1797aArr2 = c1804h.f46656a;
            int length = c1797aArr2.length;
            C1797a[] c1797aArr3 = new C1797a[length];
            System.arraycopy(c1797aArr2, 0, c1797aArr3, 0, c1797aArr2.length);
            for (int i6 = 0; i6 != length; i6++) {
                C1797a c1797a2 = c1797aArr3[i6];
                if (C1797a.f46635c.B(c1797a2.f46636a)) {
                    C1818v c1818v = c1797a2.f46637b;
                    if (c1818v.f46710b == 6) {
                        try {
                            return new URI(((InterfaceC0615u) c1818v.f46709a).i());
                        } catch (URISyntaxException unused) {
                            continue;
                        }
                    } else {
                        continue;
                    }
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C1798b c1798b) {
        InterfaceC0600e interfaceC0600e = c1798b.f46639b;
        C0609n c0609n = c1798b.f46638a;
        if (interfaceC0600e != null && !U.f6786a.z(interfaceC0600e) && c0609n.B(d9.n.K0)) {
            return AbstractC2706a.a(new StringBuilder(), getDigestName(u.w(interfaceC0600e).f40951a.f46638a), "WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(c0609n) ? (String) map.get(c0609n) : c0609n.f6831a;
    }

    private static X509Certificate getSignerCert(C1071a c1071a, X509Certificate x509Certificate, X509Certificate x509Certificate2, b bVar) {
        AbstractC0607l abstractC0607l = c1071a.f26094a.f26117c.f26111a;
        byte[] bArr = abstractC0607l instanceof AbstractC0610o ? ((AbstractC0610o) abstractC0607l).f6836a : null;
        if (bArr != null) {
            MessageDigest j10 = bVar.j("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, calcKeyHash(j10, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, calcKeyHash(j10, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            C1746a c1746a = C1746a.f;
            j9.c w = j9.c.w(c1746a, abstractC0607l instanceof AbstractC0610o ? null : j9.c.x(abstractC0607l));
            if (x509Certificate2 != null && w.equals(j9.c.w(c1746a, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && w.equals(j9.c.w(c1746a, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    private static boolean responderMatches(C1078h c1078h, X509Certificate x509Certificate, b bVar) {
        AbstractC0607l abstractC0607l = c1078h.f26111a;
        byte[] bArr = abstractC0607l instanceof AbstractC0610o ? ((AbstractC0610o) abstractC0607l).f6836a : null;
        if (bArr != null) {
            return Arrays.equals(bArr, calcKeyHash(bVar.j("SHA1"), x509Certificate.getPublicKey()));
        }
        C1746a c1746a = C1746a.f;
        return j9.c.w(c1746a, abstractC0607l instanceof AbstractC0610o ? null : j9.c.x(abstractC0607l)).equals(j9.c.w(c1746a, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C1071a c1071a, n nVar, byte[] bArr, X509Certificate x509Certificate, b bVar) {
        try {
            AbstractC0613s abstractC0613s = c1071a.f26097d;
            Signature createSignature = bVar.createSignature(getSignatureName(c1071a.f26095b));
            X509Certificate signerCert = getSignerCert(c1071a, nVar.f6889e, x509Certificate, bVar);
            if (signerCert == null && abstractC0613s == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            C1080j c1080j = c1071a.f26094a;
            int i2 = nVar.f6888d;
            CertPath certPath = nVar.f6887c;
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) bVar.y("X.509").generateCertificate(new ByteArrayInputStream(abstractC0613s.I(0).h().getEncoded()));
                x509Certificate2.verify(nVar.f6889e.getPublicKey());
                x509Certificate2.checkValidity(new Date(nVar.f6886b.getTime()));
                if (!responderMatches(c1080j.f26117c, x509Certificate2, bVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i2);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C1780B.f46564b.f46565a.f6831a)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i2);
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c1080j.s("DER"));
            if (!createSignature.verify(c1071a.f26096c.G())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c1080j.f.w(InterfaceC1074d.f26105b).f46706c.f6836a)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i2);
            }
            return true;
        } catch (IOException e2) {
            throw new CertPathValidatorException(B0.h(e2, new StringBuilder("OCSP response failure: ")), e2, nVar.f6887c, nVar.f6888d);
        } catch (CertPathValidatorException e3) {
            throw e3;
        } catch (GeneralSecurityException e4) {
            throw new CertPathValidatorException("OCSP response failure: " + e4.getMessage(), e4, nVar.f6887c, nVar.f6888d);
        }
    }

    @Override // L9.m
    public void check(Certificate certificate) {
        byte[] bArr;
        boolean z2;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        Map<X509Certificate, byte[]> ocspResponses = this.parent.getOcspResponses();
        URI ocspResponder = this.parent.getOcspResponder();
        if (ocspResponder == null) {
            if (this.ocspURL != null) {
                try {
                    ocspResponder = new URI(this.ocspURL);
                } catch (URISyntaxException e2) {
                    String str = "configuration error: " + e2.getMessage();
                    n nVar = this.parameters;
                    throw new CertPathValidatorException(str, e2, nVar.f6887c, nVar.f6888d);
                }
            } else {
                ocspResponder = getOcspResponderURI(x509Certificate);
            }
        }
        URI uri = ocspResponder;
        if (ocspResponses.get(x509Certificate) != null || uri == null) {
            List<Extension> ocspExtensions = this.parent.getOcspExtensions();
            bArr = null;
            for (int i2 = 0; i2 != ocspExtensions.size(); i2++) {
                Extension extension = ocspExtensions.get(i2);
                byte[] value = extension.getValue();
                if (InterfaceC1074d.f26105b.f6831a.equals(extension.getId())) {
                    bArr = value;
                }
            }
            z2 = false;
        } else {
            if (this.ocspURL == null && this.parent.getOcspResponder() == null && !this.isEnabledOCSP) {
                n nVar2 = this.parameters;
                throw new RecoverableCertPathValidatorException("OCSP disabled by \"ocsp.enable\" setting", null, nVar2.f6887c, nVar2.f6888d);
            }
            try {
                ocspResponses.put(x509Certificate, OcspCache.getOcspResponse(createCertID(new C1798b(c9.b.f), extractCert(), new C0605j(x509Certificate.getSerialNumber())), this.parameters, uri, this.parent.getOcspResponderCert(), this.parent.getOcspExtensions(), this.helper).getEncoded());
                z2 = true;
                bArr = null;
            } catch (IOException e3) {
                n nVar3 = this.parameters;
                throw new CertPathValidatorException("unable to encode OCSP response", e3, nVar3.f6887c, nVar3.f6888d);
            }
        }
        if (ocspResponses.isEmpty()) {
            n nVar4 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for any certificate", null, nVar4.f6887c, nVar4.f6888d);
        }
        C1076f w = C1076f.w(ocspResponses.get(x509Certificate));
        C0605j c0605j = new C0605j(x509Certificate.getSerialNumber());
        if (w == null) {
            n nVar5 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for certificate", null, nVar5.f6887c, nVar5.f6888d);
        }
        C1077g c1077g = w.f26108a;
        if (c1077g.f26110a.H() != 0) {
            StringBuilder sb = new StringBuilder("OCSP response failed: ");
            C0602g c0602g = c1077g.f26110a;
            c0602g.getClass();
            sb.append(new BigInteger(c0602g.f6813a));
            String sb2 = sb.toString();
            n nVar6 = this.parameters;
            throw new CertPathValidatorException(sb2, null, nVar6.f6887c, nVar6.f6888d);
        }
        C1079i w10 = C1079i.w(w.f26109b);
        if (w10.f26112a.B(InterfaceC1074d.f26104a)) {
            try {
                C1071a w11 = C1071a.w(w10.f26113b.f6836a);
                if (!z2 && !validatedOcspResponse(w11, this.parameters, bArr, this.parent.getOcspResponderCert(), this.helper)) {
                    return;
                }
                AbstractC0613s abstractC0613s = C1080j.w(w11.f26094a).f26119e;
                C1072b c1072b = null;
                for (int i6 = 0; i6 != abstractC0613s.size(); i6++) {
                    C1082l w12 = C1082l.w(abstractC0613s.I(i6));
                    if (c0605j.B(w12.f26122a.f26101d)) {
                        C0603h c0603h = w12.f26125d;
                        if (c0603h != null) {
                            n nVar7 = this.parameters;
                            nVar7.getClass();
                            if (new Date(nVar7.f6886b.getTime()).after(c0603h.I())) {
                                throw new CertPathValidatorException("OCSP response expired");
                            }
                        }
                        C1072b c1072b2 = w12.f26122a;
                        if (c1072b == null || !c1072b.f26098a.equals(c1072b2.f26098a)) {
                            c1072b = createCertID(c1072b2, extractCert(), c0605j);
                        }
                        if (c1072b.equals(c1072b2)) {
                            C1073c c1073c = w12.f26123b;
                            int i9 = c1073c.f26102a;
                            if (i9 == 0) {
                                return;
                            }
                            if (i9 != 1) {
                                n nVar8 = this.parameters;
                                throw new CertPathValidatorException("certificate revoked, details unknown", null, nVar8.f6887c, nVar8.f6888d);
                            }
                            C1081k w13 = C1081k.w(c1073c.f26103b);
                            String str2 = "certificate revoked, reason=(" + w13.f26121b + "), date=" + w13.f26120a.I();
                            n nVar9 = this.parameters;
                            throw new CertPathValidatorException(str2, null, nVar9.f6887c, nVar9.f6888d);
                        }
                    }
                }
            } catch (CertPathValidatorException e4) {
                throw e4;
            } catch (Exception e7) {
                n nVar10 = this.parameters;
                throw new CertPathValidatorException("unable to process OCSP response", e7, nVar10.f6887c, nVar10.f6888d);
            }
        }
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z2) {
        if (z2) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = h.b("ocsp.enable");
        this.ocspURL = h.a("ocsp.responderURL");
    }

    @Override // L9.m
    public void initialize(n nVar) {
        this.parameters = nVar;
        this.isEnabledOCSP = h.b("ocsp.enable");
        this.ocspURL = h.a("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void setParameter(String str, Object obj) {
    }
}
