package org.bouncycastle.jce.provider;

import androidx.credentials.playservices.HiddenActivity$$ExternalSyntheticOutline0;
import androidx.work.impl.model.a;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
import org.bouncycastle.asn1.isara.IsaraObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.ocsp.ResponseData;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStrictStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jcajce.PKIXCertRevocationChecker;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.MessageDigestUtils;
import org.bouncycastle.util.Properties;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class ProvOcspRevocationChecker implements PKIXCertRevocationChecker {
    public static final HashMap f;

    /* renamed from: a, reason: collision with root package name */
    public final ProvRevocationChecker f22477a;
    public final JcaJceHelper b;

    /* renamed from: c, reason: collision with root package name */
    public PKIXCertRevocationCheckerParameters f22478c;
    public boolean d;
    public String e;

    static {
        HashMap hashMap = new HashMap();
        f = hashMap;
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f8, "SHA224WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.c8, "SHA256WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.d8, "SHA384WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.e8, "SHA512WITHRSA");
        hashMap.put(CryptoProObjectIdentifiers.f21057m, "GOST3411WITHGOST3410");
        hashMap.put(CryptoProObjectIdentifiers.f21058n, "GOST3411WITHECGOST3410");
        hashMap.put(RosstandartObjectIdentifiers.g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(RosstandartObjectIdentifiers.f21262h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(BSIObjectIdentifiers.f20993a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f20994c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(EACObjectIdentifiers.f21088h, "SHA1WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f21089i, "SHA224WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f21090j, "SHA256WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f21091k, "SHA384WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f21092l, "SHA512WITHCVC-ECDSA");
        hashMap.put(IsaraObjectIdentifiers.f21131a, "XMSS");
        hashMap.put(IsaraObjectIdentifiers.b, "XMSSMT");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(X9ObjectIdentifiers.y9, "SHA1WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.D9, "SHA224WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.E9, "SHA256WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.F9, "SHA384WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.G9, "SHA512WITHECDSA");
        hashMap.put(OIWObjectIdentifiers.f21222k, "SHA1WITHRSA");
        hashMap.put(OIWObjectIdentifiers.f21221j, "SHA1WITHDSA");
        hashMap.put(NISTObjectIdentifiers.Q, "SHA224WITHDSA");
        hashMap.put(NISTObjectIdentifiers.R, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, BCJcaJceHelper bCJcaJceHelper) {
        this.f22477a = provRevocationChecker;
        this.b = bCJcaJceHelper;
    }

    public static String d(AlgorithmIdentifier algorithmIdentifier) {
        ASN1Encodable aSN1Encodable = algorithmIdentifier.b;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = algorithmIdentifier.f21364a;
        if (aSN1Encodable == null || DERNull.f20949a.j(aSN1Encodable) || !aSN1ObjectIdentifier.l(PKCSObjectIdentifiers.b8)) {
            HashMap hashMap = f;
            return hashMap.containsKey(aSN1ObjectIdentifier) ? (String) hashMap.get(aSN1ObjectIdentifier) : aSN1ObjectIdentifier.f20917a;
        }
        RSASSAPSSparams g = RSASSAPSSparams.g(aSN1Encodable);
        StringBuilder sb = new StringBuilder();
        String a2 = MessageDigestUtils.a(g.f21254a.f21364a);
        int indexOf = a2.indexOf(45);
        if (indexOf > 0 && !a2.startsWith("SHA3")) {
            StringBuilder sb2 = new StringBuilder();
            sb2.append(a2.substring(0, indexOf));
            a2 = a.k(a2, indexOf + 1, sb2);
        }
        return A.a.q(sb, a2, "WITHRSAANDMGF1");
    }

    public static X509Certificate e(BasicOCSPResponse basicOCSPResponse, X509Certificate x509Certificate, X509Certificate x509Certificate2, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = basicOCSPResponse.f21196a.f21210c.f21207a;
        byte[] bArr = aSN1Object instanceof ASN1OctetString ? ((ASN1OctetString) aSN1Object).f20919a : null;
        if (bArr != null) {
            MessageDigest b = jcaJceHelper.b("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, b.digest(SubjectPublicKeyInfo.g(x509Certificate2.getPublicKey().getEncoded()).b.q()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, b.digest(SubjectPublicKeyInfo.g(x509Certificate.getPublicKey().getEncoded()).b.q()))) {
                return x509Certificate;
            }
        } else {
            BCStrictStyle bCStrictStyle = BCStrictStyle.f;
            X500Name h2 = X500Name.h(bCStrictStyle, aSN1Object instanceof ASN1OctetString ? null : X500Name.g(aSN1Object));
            if (x509Certificate2 != null && h2.equals(X500Name.h(bCStrictStyle, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && h2.equals(X500Name.h(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static boolean f(ResponderID responderID, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = responderID.f21207a;
        byte[] bArr = aSN1Object instanceof ASN1OctetString ? ((ASN1OctetString) aSN1Object).f20919a : null;
        if (bArr != null) {
            return Arrays.equals(bArr, jcaJceHelper.b("SHA1").digest(SubjectPublicKeyInfo.g(x509Certificate.getPublicKey().getEncoded()).b.q()));
        }
        BCStrictStyle bCStrictStyle = BCStrictStyle.f;
        return X500Name.h(bCStrictStyle, aSN1Object instanceof ASN1OctetString ? null : X500Name.g(aSN1Object)).equals(X500Name.h(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean g(BasicOCSPResponse basicOCSPResponse, PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, byte[] bArr, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        try {
            ASN1Sequence aSN1Sequence = basicOCSPResponse.d;
            Signature a2 = jcaJceHelper.a(d(basicOCSPResponse.b));
            X509Certificate e = e(basicOCSPResponse, pKIXCertRevocationCheckerParameters.e, x509Certificate, jcaJceHelper);
            if (e == null && aSN1Sequence == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            ResponseData responseData = basicOCSPResponse.f21196a;
            int i2 = pKIXCertRevocationCheckerParameters.d;
            CertPath certPath = pKIXCertRevocationCheckerParameters.f22112c;
            if (e != null) {
                a2.initVerify(e.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) jcaJceHelper.c().generateCertificate(new ByteArrayInputStream(aSN1Sequence.t(0).c().getEncoded()));
                x509Certificate2.verify(pKIXCertRevocationCheckerParameters.e.getPublicKey());
                x509Certificate2.checkValidity(new Date(pKIXCertRevocationCheckerParameters.b.getTime()));
                if (!f(responseData.f21210c, x509Certificate2, jcaJceHelper)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i2);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(KeyPurposeId.d.f21425a.f20917a)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i2);
                }
                a2.initVerify(x509Certificate2);
            }
            a2.update(responseData.f("DER"));
            if (!a2.verify(basicOCSPResponse.f21197c.q())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, responseData.f.g(OCSPObjectIdentifiers.b).f21411c.f20919a)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i2);
            }
            return true;
        } catch (IOException e2) {
            throw new CertPathValidatorException(com.google.android.material.color.utilities.a.h(e2, new StringBuilder("OCSP response failure: ")), e2, pKIXCertRevocationCheckerParameters.f22112c, pKIXCertRevocationCheckerParameters.d);
        } catch (CertPathValidatorException e3) {
            throw e3;
        } catch (GeneralSecurityException e4) {
            throw new CertPathValidatorException("OCSP response failure: " + e4.getMessage(), e4, pKIXCertRevocationCheckerParameters.f22112c, pKIXCertRevocationCheckerParameters.d);
        }
    }

    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    public final void a(PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters) {
        this.f22478c = pKIXCertRevocationCheckerParameters;
        this.d = Properties.b("ocsp.enable");
        this.e = Properties.a("ocsp.responderURL");
    }

    /* JADX WARN: Type inference failed for: r1v2, types: [org.bouncycastle.asn1.ASN1OctetString, org.bouncycastle.asn1.DEROctetString] */
    /* JADX WARN: Type inference failed for: r2v4, types: [org.bouncycastle.asn1.ASN1OctetString, org.bouncycastle.asn1.DEROctetString] */
    public final CertID b(AlgorithmIdentifier algorithmIdentifier, Certificate certificate, ASN1Integer aSN1Integer) {
        try {
            MessageDigest b = this.b.b(MessageDigestUtils.a(algorithmIdentifier.f21364a));
            return new CertID(algorithmIdentifier, new ASN1OctetString(b.digest(certificate.b.f21448h.f("DER"))), new ASN1OctetString(b.digest(certificate.b.f21449i.b.q())), aSN1Integer);
        } catch (Exception e) {
            throw new CertPathValidatorException("problem creating ID: " + e, e);
        }
    }

    public final Certificate c() {
        try {
            return Certificate.g(this.f22478c.e.getEncoded());
        } catch (Exception e) {
            String m2 = HiddenActivity$$ExternalSyntheticOutline0.m(e, new StringBuilder("cannot process signing cert: "));
            PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters = this.f22478c;
            throw new CertPathValidatorException(m2, e, pKIXCertRevocationCheckerParameters.f22112c, pKIXCertRevocationCheckerParameters.d);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:209:0x02d5, code lost:
    
        r6 = org.bouncycastle.asn1.ocsp.OCSPResponse.g(r2.toByteArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:211:0x02e5, code lost:
    
        if (r6.f21204a.f21205a.r() != 0) goto L133;
     */
    /* JADX WARN: Code restructure failed: missing block: B:212:0x02e7, code lost:
    
        r0 = org.bouncycastle.asn1.ocsp.ResponseBytes.g(r6.b);
     */
    /* JADX WARN: Code restructure failed: missing block: B:213:0x02f5, code lost:
    
        if (r0.f21208a.l(org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers.f21201a) == false) goto L128;
     */
    /* JADX WARN: Code restructure failed: missing block: B:215:0x0303, code lost:
    
        if (g(org.bouncycastle.asn1.ocsp.BasicOCSPResponse.g(r0.b.f20919a), r11, r5, r12, r10) == false) goto L128;
     */
    /* JADX WARN: Code restructure failed: missing block: B:216:0x0305, code lost:
    
        r0 = (java.lang.ref.WeakReference) r14.get(r4);
     */
    /* JADX WARN: Code restructure failed: missing block: B:217:0x030b, code lost:
    
        if (r0 == null) goto L122;
     */
    /* JADX WARN: Code restructure failed: missing block: B:218:0x030d, code lost:
    
        ((java.util.Map) r0.get()).put(r9, r6);
     */
    /* JADX WARN: Code restructure failed: missing block: B:219:0x031b, code lost:
    
        r0 = new java.util.HashMap();
        r0.put(r9, r6);
        r14.put(r4, new java.lang.ref.WeakReference(r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:222:0x0359, code lost:
    
        throw new java.security.cert.CertPathValidatorException("OCSP response failed to validate", null, r11.f22112c, r11.d);
     */
    /* JADX WARN: Code restructure failed: missing block: B:223:0x035c, code lost:
    
        r1 = new java.lang.StringBuilder();
        r1.append("OCSP responder failed: ");
        r3 = r6.f21204a.f21205a;
        r3.getClass();
        r1.append(new java.math.BigInteger(r3.f20908a));
     */
    /* JADX WARN: Code restructure failed: missing block: B:224:0x0387, code lost:
    
        throw new java.security.cert.CertPathValidatorException(r1.toString(), null, r11.f22112c, r11.d);
     */
    /* JADX WARN: Code restructure failed: missing block: B:225:0x035a, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:228:0x039c, code lost:
    
        throw new java.security.cert.CertPathValidatorException(com.google.android.material.color.utilities.a.h(r0, new java.lang.StringBuilder(r19)), r0, r11.f22112c, r11.d);
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r13v14, types: [org.bouncycastle.asn1.x509.AccessDescription, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v11, types: [org.bouncycastle.asn1.ASN1OctetString, org.bouncycastle.asn1.DEROctetString] */
    /* JADX WARN: Type inference failed for: r7v8, types: [org.bouncycastle.asn1.ASN1Sequence, org.bouncycastle.asn1.DERSequence] */
    /* JADX WARN: Type inference failed for: r8v5, types: [org.bouncycastle.asn1.ASN1Sequence, org.bouncycastle.asn1.ASN1Encodable, org.bouncycastle.asn1.DERSequence] */
    /* JADX WARN: Type inference failed for: r9v9, types: [org.bouncycastle.asn1.x509.AuthorityInformationAccess, java.lang.Object] */
    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void check(java.security.cert.Certificate r26) {
        /*
            Method dump skipped, instructions count: 1353
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }
}
