package org.bouncycastle.jce.provider;

import android.support.v4.media.a;
import com.ironsource.sdk.controller.b0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.isara.IsaraObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.ocsp.ResponseData;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStrictStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.internal.asn1.bsi.BSIObjectIdentifiers;
import org.bouncycastle.internal.asn1.eac.EACObjectIdentifiers;
import org.bouncycastle.jcajce.PKIXCertRevocationChecker;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.MessageDigestUtils;
import org.bouncycastle.util.Properties;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes6.dex */
public class ProvOcspRevocationChecker implements PKIXCertRevocationChecker {
    public static final HashMap y;

    /* renamed from: n, reason: collision with root package name */
    public final ProvRevocationChecker f54147n;

    /* renamed from: u, reason: collision with root package name */
    public final JcaJceHelper f54148u;

    /* renamed from: v, reason: collision with root package name */
    public PKIXCertRevocationCheckerParameters f54149v;

    /* renamed from: w, reason: collision with root package name */
    public boolean f54150w;

    /* renamed from: x, reason: collision with root package name */
    public String f54151x;

    static {
        HashMap hashMap = new HashMap();
        y = hashMap;
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.x8, "SHA224WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.u8, "SHA256WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.v8, "SHA384WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.w8, "SHA512WITHRSA");
        hashMap.put(CryptoProObjectIdentifiers.f52649m, "GOST3411WITHGOST3410");
        hashMap.put(CryptoProObjectIdentifiers.f52650n, "GOST3411WITHECGOST3410");
        hashMap.put(RosstandartObjectIdentifiers.g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(RosstandartObjectIdentifiers.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(BSIObjectIdentifiers.f53684a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f53685c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(EACObjectIdentifiers.f53697a, "SHA1WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.b, "SHA224WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f53698c, "SHA256WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.d, "SHA384WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.e, "SHA512WITHCVC-ECDSA");
        hashMap.put(IsaraObjectIdentifiers.f52710a, "XMSS");
        hashMap.put(IsaraObjectIdentifiers.b, "XMSSMT");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(X9ObjectIdentifiers.E9, "SHA1WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.H9, "SHA224WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.I9, "SHA256WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.J9, "SHA384WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.K9, "SHA512WITHECDSA");
        hashMap.put(OIWObjectIdentifiers.k, "SHA1WITHRSA");
        hashMap.put(OIWObjectIdentifiers.j, "SHA1WITHDSA");
        hashMap.put(NISTObjectIdentifiers.R, "SHA224WITHDSA");
        hashMap.put(NISTObjectIdentifiers.S, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, BCJcaJceHelper bCJcaJceHelper) {
        this.f54147n = provRevocationChecker;
        this.f54148u = bCJcaJceHelper;
    }

    public static String d(AlgorithmIdentifier algorithmIdentifier) {
        ASN1Encodable aSN1Encodable = algorithmIdentifier.f52973u;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = algorithmIdentifier.f52972n;
        if (aSN1Encodable == null || DERNull.f52530u.u(aSN1Encodable) || !aSN1ObjectIdentifier.z(PKCSObjectIdentifiers.t8)) {
            HashMap hashMap = y;
            return hashMap.containsKey(aSN1ObjectIdentifier) ? (String) hashMap.get(aSN1ObjectIdentifier) : aSN1ObjectIdentifier.f52465n;
        }
        RSASSAPSSparams l = RSASSAPSSparams.l(aSN1Encodable);
        StringBuilder sb = new StringBuilder();
        String b = MessageDigestUtils.b(l.f52871n.f52972n);
        int indexOf = b.indexOf(45);
        if (indexOf > 0 && !b.startsWith("SHA3")) {
            b = b.substring(0, indexOf) + b.substring(indexOf + 1);
        }
        return a.o(sb, b, "WITHRSAANDMGF1");
    }

    public static X509Certificate e(BasicOCSPResponse basicOCSPResponse, X509Certificate x509Certificate, X509Certificate x509Certificate2, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = basicOCSPResponse.f52773n.f52797v.f52791n;
        byte[] bArr = aSN1Object instanceof ASN1OctetString ? ((ASN1OctetString) aSN1Object).f52470n : null;
        if (bArr != null) {
            MessageDigest b = jcaJceHelper.b("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, b.digest(SubjectPublicKeyInfo.l(x509Certificate2.getPublicKey().getEncoded()).f53061u.E()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, b.digest(SubjectPublicKeyInfo.l(x509Certificate.getPublicKey().getEncoded()).f53061u.E()))) {
                return x509Certificate;
            }
        } else {
            BCStrictStyle bCStrictStyle = BCStrictStyle.f;
            X500Name m2 = X500Name.m(bCStrictStyle, aSN1Object instanceof ASN1OctetString ? null : X500Name.l(aSN1Object));
            if (x509Certificate2 != null && m2.equals(X500Name.m(bCStrictStyle, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && m2.equals(X500Name.m(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static boolean f(ResponderID responderID, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = responderID.f52791n;
        byte[] bArr = aSN1Object instanceof ASN1OctetString ? ((ASN1OctetString) aSN1Object).f52470n : null;
        if (bArr != null) {
            return Arrays.equals(bArr, jcaJceHelper.b("SHA1").digest(SubjectPublicKeyInfo.l(x509Certificate.getPublicKey().getEncoded()).f53061u.E()));
        }
        BCStrictStyle bCStrictStyle = BCStrictStyle.f;
        return X500Name.m(bCStrictStyle, aSN1Object instanceof ASN1OctetString ? null : X500Name.l(aSN1Object)).equals(X500Name.m(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean g(BasicOCSPResponse basicOCSPResponse, PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, byte[] bArr, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        try {
            ASN1Sequence aSN1Sequence = basicOCSPResponse.f52776w;
            Signature a2 = jcaJceHelper.a(d(basicOCSPResponse.f52774u));
            X509Certificate e = e(basicOCSPResponse, pKIXCertRevocationCheckerParameters.e, x509Certificate, jcaJceHelper);
            if (e == null && aSN1Sequence == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            ResponseData responseData = basicOCSPResponse.f52773n;
            int i2 = pKIXCertRevocationCheckerParameters.d;
            CertPath certPath = pKIXCertRevocationCheckerParameters.f53729c;
            if (e != null) {
                a2.initVerify(e.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) jcaJceHelper.c().generateCertificate(new ByteArrayInputStream(aSN1Sequence.H(0).f().getEncoded()));
                x509Certificate2.verify(pKIXCertRevocationCheckerParameters.e.getPublicKey());
                x509Certificate2.checkValidity(new Date(pKIXCertRevocationCheckerParameters.b.getTime()));
                if (!f(responseData.f52797v, x509Certificate2, jcaJceHelper)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i2);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(KeyPurposeId.f53040w.f53042n.f52465n)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i2);
                }
                a2.initVerify(x509Certificate2);
            }
            a2.update(responseData.i());
            if (!a2.verify(basicOCSPResponse.f52775v.E())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, responseData.y.l(OCSPObjectIdentifiers.b).f53015v.f52470n)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i2);
            }
            return true;
        } catch (IOException e2) {
            throw new CertPathValidatorException(b0.k(e2, new StringBuilder("OCSP response failure: ")), e2, pKIXCertRevocationCheckerParameters.f53729c, pKIXCertRevocationCheckerParameters.d);
        } catch (CertPathValidatorException e3) {
            throw e3;
        } catch (GeneralSecurityException e4) {
            throw new CertPathValidatorException("OCSP response failure: " + e4.getMessage(), e4, pKIXCertRevocationCheckerParameters.f53729c, pKIXCertRevocationCheckerParameters.d);
        }
    }

    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    public final void a(PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters) {
        this.f54149v = pKIXCertRevocationCheckerParameters;
        this.f54150w = Properties.b("ocsp.enable");
        this.f54151x = Properties.a("ocsp.responderURL");
    }

    /* JADX WARN: Type inference failed for: r5v7, types: [java.lang.Object, org.bouncycastle.asn1.ocsp.CertID] */
    public final CertID b(AlgorithmIdentifier algorithmIdentifier, Certificate certificate, ASN1Integer aSN1Integer) {
        try {
            MessageDigest b = this.f54148u.b(MessageDigestUtils.b(algorithmIdentifier.f52972n));
            ASN1OctetString aSN1OctetString = new ASN1OctetString(b.digest(certificate.f52990u.A.i()));
            ASN1OctetString aSN1OctetString2 = new ASN1OctetString(b.digest(certificate.f52990u.B.f53061u.E()));
            ?? obj = new Object();
            obj.f52777n = algorithmIdentifier;
            obj.f52778u = aSN1OctetString;
            obj.f52779v = aSN1OctetString2;
            obj.f52780w = aSN1Integer;
            return obj;
        } catch (Exception e) {
            throw new CertPathValidatorException("problem creating ID: " + e, e);
        }
    }

    public final Certificate c() {
        try {
            return Certificate.l(this.f54149v.e.getEncoded());
        } catch (Exception e) {
            String k = androidx.datastore.preferences.protobuf.a.k(e, new StringBuilder("cannot process signing cert: "));
            PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters = this.f54149v;
            throw new CertPathValidatorException(k, e, pKIXCertRevocationCheckerParameters.f53729c, pKIXCertRevocationCheckerParameters.d);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:209:0x02f2, code lost:
    
        r6 = org.bouncycastle.asn1.ocsp.OCSPResponse.l(r2.toByteArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:211:0x0302, code lost:
    
        if (r6.f52786n.f52788n.H() != 0) goto L133;
     */
    /* JADX WARN: Code restructure failed: missing block: B:212:0x0304, code lost:
    
        r0 = org.bouncycastle.asn1.ocsp.ResponseBytes.l(r6.f52787u);
     */
    /* JADX WARN: Code restructure failed: missing block: B:213:0x0312, code lost:
    
        if (r0.f52792n.z(org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers.f52783a) == false) goto L128;
     */
    /* JADX WARN: Code restructure failed: missing block: B:215:0x0320, code lost:
    
        if (g(org.bouncycastle.asn1.ocsp.BasicOCSPResponse.l(r0.f52793u.f52470n), r11, r5, r12, r10) == false) goto L128;
     */
    /* JADX WARN: Code restructure failed: missing block: B:216:0x0322, code lost:
    
        r0 = (java.lang.ref.WeakReference) r14.get(r4);
     */
    /* JADX WARN: Code restructure failed: missing block: B:217:0x0328, code lost:
    
        if (r0 == null) goto L122;
     */
    /* JADX WARN: Code restructure failed: missing block: B:218:0x032a, code lost:
    
        ((java.util.Map) r0.get()).put(r9, r6);
     */
    /* JADX WARN: Code restructure failed: missing block: B:219:0x0338, code lost:
    
        r0 = new java.util.HashMap();
        r0.put(r9, r6);
        r14.put(r4, new java.lang.ref.WeakReference(r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:222:0x0376, code lost:
    
        throw new java.security.cert.CertPathValidatorException("OCSP response failed to validate", null, r11.f53729c, r11.d);
     */
    /* JADX WARN: Code restructure failed: missing block: B:224:0x039e, code lost:
    
        throw new java.security.cert.CertPathValidatorException("OCSP responder failed: " + r6.f52786n.f52788n.G(), null, r11.f53729c, r11.d);
     */
    /* JADX WARN: Code restructure failed: missing block: B:225:0x0377, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:228:0x03b3, code lost:
    
        throw new java.security.cert.CertPathValidatorException(com.ironsource.sdk.controller.b0.k(r0, new java.lang.StringBuilder(r19)), r0, r11.f53729c, r11.d);
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r13v14, types: [org.bouncycastle.asn1.x509.AccessDescription, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r13v8, types: [org.bouncycastle.asn1.ASN1Encodable, org.bouncycastle.asn1.x509.Extension, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r1v36, types: [org.bouncycastle.asn1.ocsp.OCSPRequest, java.lang.Object, org.bouncycastle.asn1.ASN1Object] */
    /* JADX WARN: Type inference failed for: r2v4, types: [org.bouncycastle.asn1.ocsp.Request, org.bouncycastle.asn1.ASN1Encodable, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r6v14, types: [java.lang.Object, org.bouncycastle.asn1.ocsp.TBSRequest] */
    /* JADX WARN: Type inference failed for: r7v8, types: [org.bouncycastle.asn1.ASN1Sequence, org.bouncycastle.asn1.DERSequence] */
    /* JADX WARN: Type inference failed for: r8v5, types: [org.bouncycastle.asn1.ASN1Sequence, org.bouncycastle.asn1.ASN1Encodable, org.bouncycastle.asn1.DERSequence] */
    /* JADX WARN: Type inference failed for: r9v9, types: [org.bouncycastle.asn1.x509.AuthorityInformationAccess, java.lang.Object] */
    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void check(java.security.cert.Certificate r26) {
        /*
            Method dump skipped, instructions count: 1370
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }
}
