package org.bouncycastle.jce.provider;

import defpackage.a55;
import defpackage.ai;
import defpackage.b0;
import defpackage.bl0;
import defpackage.bt;
import defpackage.c15;
import defpackage.d62;
import defpackage.dr3;
import defpackage.ei3;
import defpackage.ej4;
import defpackage.ex2;
import defpackage.f3;
import defpackage.g0;
import defpackage.gp;
import defpackage.gp3;
import defpackage.i0;
import defpackage.ix2;
import defpackage.j;
import defpackage.l0;
import defpackage.la2;
import defpackage.lm0;
import defpackage.m0;
import defpackage.no;
import defpackage.no1;
import defpackage.p81;
import defpackage.p9;
import defpackage.pc3;
import defpackage.pp3;
import defpackage.pt2;
import defpackage.pz0;
import defpackage.q52;
import defpackage.r0;
import defpackage.rh2;
import defpackage.rp2;
import defpackage.t43;
import defpackage.u0;
import defpackage.w30;
import defpackage.w35;
import defpackage.x43;
import defpackage.xv2;
import defpackage.y43;
import defpackage.z30;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class ProvOcspRevocationChecker implements x43 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final d62 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private y43 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new l0("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(t43.b0, "SHA224WITHRSA");
        hashMap.put(t43.U, "SHA256WITHRSA");
        hashMap.put(t43.W, "SHA384WITHRSA");
        hashMap.put(t43.a0, "SHA512WITHRSA");
        hashMap.put(bl0.m, "GOST3411WITHGOST3410");
        hashMap.put(bl0.n, "GOST3411WITHECGOST3410");
        hashMap.put(dr3.g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(dr3.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(gp.a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(gp.b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(gp.c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(gp.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(gp.e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(gp.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(pz0.a, "SHA1WITHCVC-ECDSA");
        hashMap.put(pz0.b, "SHA224WITHCVC-ECDSA");
        hashMap.put(pz0.c, "SHA256WITHCVC-ECDSA");
        hashMap.put(pz0.d, "SHA384WITHCVC-ECDSA");
        hashMap.put(pz0.e, "SHA512WITHCVC-ECDSA");
        hashMap.put(q52.a, "XMSS");
        hashMap.put(q52.b, "XMSSMT");
        hashMap.put(new l0("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new l0("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new l0("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(a55.o1, "SHA1WITHECDSA");
        hashMap.put(a55.r1, "SHA224WITHECDSA");
        hashMap.put(a55.s1, "SHA256WITHECDSA");
        hashMap.put(a55.t1, "SHA384WITHECDSA");
        hashMap.put(a55.u1, "SHA512WITHECDSA");
        hashMap.put(ix2.h, "SHA1WITHRSA");
        hashMap.put(ix2.g, "SHA1WITHDSA");
        hashMap.put(pt2.U, "SHA224WITHDSA");
        hashMap.put(pt2.V, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, d62 d62Var) {
        this.parent = provRevocationChecker;
        this.helper = d62Var;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(ej4.h(publicKey.getEncoded()).c.s());
    }

    /* JADX WARN: Type inference failed for: r5v7, types: [w30, java.lang.Object] */
    private w30 createCertID(p9 p9Var, z30 z30Var, g0 g0Var) throws CertPathValidatorException {
        try {
            MessageDigest b = this.helper.b(rp2.b(p9Var.a));
            m0 m0Var = new m0(b.digest(z30Var.c.i.g()));
            m0 m0Var2 = new m0(b.digest(z30Var.c.j.c.s()));
            ?? obj = new Object();
            obj.a = p9Var;
            obj.c = m0Var;
            obj.d = m0Var2;
            obj.e = g0Var;
            return obj;
        } catch (Exception e) {
            throw new CertPathValidatorException(xv2.h("problem creating ID: ", e), e);
        }
    }

    private w30 createCertID(w30 w30Var, z30 z30Var, g0 g0Var) throws CertPathValidatorException {
        return createCertID(w30Var.a, z30Var, g0Var);
    }

    private z30 extractCert() throws CertPathValidatorException {
        try {
            return z30.i(this.parameters.e.getEncoded());
        } catch (Exception e) {
            String e2 = c15.e(e, new StringBuilder("cannot process signing cert: "));
            y43 y43Var = this.parameters;
            throw new CertPathValidatorException(e2, e, y43Var.c, y43Var.d);
        }
    }

    private static String getDigestName(l0 l0Var) {
        String b = rp2.b(l0Var);
        int indexOf = b.indexOf(45);
        if (indexOf <= 0 || b.startsWith("SHA3")) {
            return b;
        }
        return b.substring(0, indexOf) + b.substring(indexOf + 1);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v1, types: [ai, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r7v2, types: [java.lang.Object, f3] */
    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        ai aiVar;
        f3 f3Var;
        byte[] extensionValue = x509Certificate.getExtensionValue(p81.B.u());
        if (extensionValue == null) {
            return null;
        }
        byte[] bArr = m0.r(extensionValue).a;
        if (bArr instanceof ai) {
            aiVar = (ai) bArr;
        } else if (bArr != 0) {
            r0 u = r0.u(bArr);
            ?? obj = new Object();
            if (u.size() < 1) {
                throw new IllegalArgumentException("sequence may not be empty");
            }
            obj.a = new f3[u.size()];
            for (int i = 0; i != u.size(); i++) {
                f3[] f3VarArr = obj.a;
                b0 v = u.v(i);
                l0 l0Var = f3.d;
                if (v instanceof f3) {
                    f3Var = (f3) v;
                } else if (v != null) {
                    r0 u2 = r0.u(v);
                    ?? obj2 = new Object();
                    obj2.a = null;
                    obj2.c = null;
                    if (u2.size() != 2) {
                        throw new IllegalArgumentException("wrong number of elements in sequence");
                    }
                    obj2.a = l0.v(u2.v(0));
                    obj2.c = no1.h(u2.v(1));
                    f3Var = obj2;
                } else {
                    f3Var = null;
                }
                f3VarArr[i] = f3Var;
            }
            aiVar = obj;
        } else {
            aiVar = null;
        }
        f3[] f3VarArr2 = aiVar.a;
        int length = f3VarArr2.length;
        f3[] f3VarArr3 = new f3[length];
        System.arraycopy(f3VarArr2, 0, f3VarArr3, 0, f3VarArr2.length);
        for (int i2 = 0; i2 != length; i2++) {
            f3 f3Var2 = f3VarArr3[i2];
            if (f3.d.n(f3Var2.a)) {
                no1 no1Var = f3Var2.c;
                if (no1Var.c == 6) {
                    try {
                        return new URI(((u0) no1Var.a).getString());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(p9 p9Var) {
        b0 b0Var = p9Var.c;
        l0 l0Var = p9Var.a;
        if (b0Var != null && !lm0.c.m(b0Var) && l0Var.n(t43.T)) {
            return rh2.p(new StringBuilder(), getDigestName(ei3.h(b0Var).a.a), "WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(l0Var) ? (String) map.get(l0Var) : l0Var.u();
    }

    private static X509Certificate getSignerCert(bt btVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, d62 d62Var) throws NoSuchProviderException, NoSuchAlgorithmException {
        i0 i0Var = btVar.a.d.a;
        byte[] bArr = i0Var instanceof m0 ? ((m0) i0Var).a : null;
        if (bArr != null) {
            MessageDigest b = d62Var.b("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, calcKeyHash(b, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, calcKeyHash(b, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            no noVar = no.m;
            w35 h = w35.h(noVar, i0Var instanceof m0 ? null : w35.i(i0Var));
            if (x509Certificate2 != null && h.equals(w35.h(noVar, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && h.equals(w35.h(noVar, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    private static boolean isEqualAlgId(p9 p9Var, p9 p9Var2) {
        if (p9Var == p9Var2 || p9Var.equals(p9Var2)) {
            return true;
        }
        if (!p9Var.a.n(p9Var2.a)) {
            return false;
        }
        b0 b0Var = p9Var.c;
        b0 b0Var2 = p9Var2.c;
        if (b0Var == b0Var2) {
            return true;
        }
        lm0 lm0Var = lm0.c;
        if (b0Var == null) {
            return lm0Var.m(b0Var2);
        }
        if (lm0Var.m(b0Var) && b0Var2 == null) {
            return true;
        }
        return b0Var.equals(b0Var2);
    }

    private static boolean responderMatches(gp3 gp3Var, X509Certificate x509Certificate, d62 d62Var) throws NoSuchProviderException, NoSuchAlgorithmException {
        i0 i0Var = gp3Var.a;
        byte[] bArr = i0Var instanceof m0 ? ((m0) i0Var).a : null;
        if (bArr != null) {
            return Arrays.equals(bArr, calcKeyHash(d62Var.b("SHA1"), x509Certificate.getPublicKey()));
        }
        no noVar = no.m;
        return w35.h(noVar, i0Var instanceof m0 ? null : w35.i(i0Var)).equals(w35.h(noVar, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(bt btVar, y43 y43Var, byte[] bArr, X509Certificate x509Certificate, d62 d62Var) throws CertPathValidatorException {
        try {
            r0 r0Var = btVar.e;
            pp3 pp3Var = btVar.a;
            Signature createSignature = d62Var.createSignature(getSignatureName(btVar.c));
            X509Certificate x509Certificate2 = y43Var.e;
            int i = y43Var.d;
            CertPath certPath = y43Var.c;
            X509Certificate signerCert = getSignerCert(btVar, x509Certificate2, x509Certificate, d62Var);
            if (signerCert == null && r0Var == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate3 = (X509Certificate) d62Var.i("X.509").generateCertificate(new ByteArrayInputStream(r0Var.v(0).e().getEncoded()));
                x509Certificate3.verify(y43Var.e.getPublicKey());
                x509Certificate3.checkValidity(y43Var.a());
                if (!responderMatches(pp3Var.d, x509Certificate3, d62Var)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i);
                }
                List<String> extendedKeyUsage = x509Certificate3.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(la2.d.a.u())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i);
                }
                createSignature.initVerify(x509Certificate3);
            }
            createSignature.update(pp3Var.g());
            if (!createSignature.verify(btVar.d.u())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, pp3Var.g.h(ex2.b).d.a)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i);
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(j.f(e, new StringBuilder("OCSP response failure: ")), e, y43Var.c, y43Var.d);
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException("OCSP response failure: " + e3.getMessage(), e3, y43Var.c, y43Var.d);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x017f, code lost:
    
        if (isEqualAlgId(r0.a, r3.a) != false) goto L71;
     */
    @Override // defpackage.x43
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 553
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = pc3.b("ocsp.enable");
        this.ocspURL = pc3.a("ocsp.responderURL");
    }

    @Override // defpackage.x43
    public void initialize(y43 y43Var) {
        this.parameters = y43Var;
        this.isEnabledOCSP = pc3.b("ocsp.enable");
        this.ocspURL = pc3.a("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void setParameter(String str, Object obj) {
    }
}
