package org.bouncycastle.jce.provider;

import androidx.appcompat.view.menu.a;
import androidx.compose.runtime.c;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.isara.IsaraObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.ocsp.ResponseData;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStrictStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.internal.asn1.bsi.BSIObjectIdentifiers;
import org.bouncycastle.internal.asn1.eac.EACObjectIdentifiers;
import org.bouncycastle.jcajce.PKIXCertRevocationChecker;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.MessageDigestUtils;
import org.bouncycastle.util.Properties;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements PKIXCertRevocationChecker {

    /* renamed from: f, reason: collision with root package name */
    public static final HashMap f26956f;

    /* renamed from: a, reason: collision with root package name */
    public final ProvRevocationChecker f26957a;
    public final JcaJceHelper b;

    /* renamed from: c, reason: collision with root package name */
    public PKIXCertRevocationCheckerParameters f26958c;
    public boolean d;

    /* renamed from: e, reason: collision with root package name */
    public String f26959e;

    static {
        HashMap hashMap = new HashMap();
        f26956f = hashMap;
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f25879B, "SHA224WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f25894u, "SHA256WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f25895v, "SHA384WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f25878A, "SHA512WITHRSA");
        hashMap.put(CryptoProObjectIdentifiers.f25744m, "GOST3411WITHGOST3410");
        hashMap.put(CryptoProObjectIdentifiers.n, "GOST3411WITHECGOST3410");
        hashMap.put(RosstandartObjectIdentifiers.g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(RosstandartObjectIdentifiers.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(BSIObjectIdentifiers.f26557a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f26558c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f26559e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f26560f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(EACObjectIdentifiers.f26568a, "SHA1WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.b, "SHA224WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f26569c, "SHA256WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.d, "SHA384WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f26570e, "SHA512WITHCVC-ECDSA");
        hashMap.put(IsaraObjectIdentifiers.f25778a, "XMSS");
        hashMap.put(IsaraObjectIdentifiers.b, "XMSSMT");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(X9ObjectIdentifiers.I0, "SHA1WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.L0, "SHA224WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.M0, "SHA256WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.N0, "SHA384WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.O0, "SHA512WITHECDSA");
        hashMap.put(OIWObjectIdentifiers.h, "SHA1WITHRSA");
        hashMap.put(OIWObjectIdentifiers.g, "SHA1WITHDSA");
        hashMap.put(NISTObjectIdentifiers.P, "SHA224WITHDSA");
        hashMap.put(NISTObjectIdentifiers.f25803Q, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, BCJcaJceHelper bCJcaJceHelper) {
        this.f26957a = provRevocationChecker;
        this.b = bCJcaJceHelper;
    }

    public static String d(AlgorithmIdentifier algorithmIdentifier) {
        ASN1Encodable aSN1Encodable = algorithmIdentifier.b;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = algorithmIdentifier.f26007a;
        if (aSN1Encodable == null || DERNull.f25696a.m(aSN1Encodable) || !aSN1ObjectIdentifier.o(PKCSObjectIdentifiers.f25893t)) {
            HashMap hashMap = f26956f;
            return hashMap.containsKey(aSN1ObjectIdentifier) ? (String) hashMap.get(aSN1ObjectIdentifier) : aSN1ObjectIdentifier.f25661a;
        }
        RSASSAPSSparams i = RSASSAPSSparams.i(aSN1Encodable);
        StringBuilder sb = new StringBuilder();
        String a2 = MessageDigestUtils.a(i.f25912a.f26007a);
        int indexOf = a2.indexOf(45);
        if (indexOf > 0 && !a2.startsWith("SHA3")) {
            a2 = a2.substring(0, indexOf) + a2.substring(indexOf + 1);
        }
        return a.o(a2, "WITHRSAANDMGF1", sb);
    }

    public static X509Certificate e(BasicOCSPResponse basicOCSPResponse, X509Certificate x509Certificate, X509Certificate x509Certificate2, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = basicOCSPResponse.f25832a.f25845c.f25842a;
        byte[] bArr = aSN1Object instanceof ASN1OctetString ? ((ASN1OctetString) aSN1Object).f25663a : null;
        if (bArr != null) {
            MessageDigest b = jcaJceHelper.b("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, b.digest(SubjectPublicKeyInfo.i(x509Certificate2.getPublicKey().getEncoded()).b.t()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, b.digest(SubjectPublicKeyInfo.i(x509Certificate.getPublicKey().getEncoded()).b.t()))) {
                return x509Certificate;
            }
        } else {
            BCStrictStyle bCStrictStyle = BCStrictStyle.f25998f;
            X500Name k = X500Name.k(bCStrictStyle, aSN1Object instanceof ASN1OctetString ? null : X500Name.i(aSN1Object));
            if (x509Certificate2 != null && k.equals(X500Name.k(bCStrictStyle, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && k.equals(X500Name.k(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static boolean f(ResponderID responderID, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = responderID.f25842a;
        byte[] bArr = aSN1Object instanceof ASN1OctetString ? ((ASN1OctetString) aSN1Object).f25663a : null;
        if (bArr != null) {
            return Arrays.equals(bArr, jcaJceHelper.b("SHA1").digest(SubjectPublicKeyInfo.i(x509Certificate.getPublicKey().getEncoded()).b.t()));
        }
        BCStrictStyle bCStrictStyle = BCStrictStyle.f25998f;
        return X500Name.k(bCStrictStyle, aSN1Object instanceof ASN1OctetString ? null : X500Name.i(aSN1Object)).equals(X500Name.k(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean g(BasicOCSPResponse basicOCSPResponse, PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, byte[] bArr, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        try {
            ASN1Sequence aSN1Sequence = basicOCSPResponse.d;
            Signature a2 = jcaJceHelper.a(d(basicOCSPResponse.b));
            X509Certificate e2 = e(basicOCSPResponse, pKIXCertRevocationCheckerParameters.f26591e, x509Certificate, jcaJceHelper);
            if (e2 == null && aSN1Sequence == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            ResponseData responseData = basicOCSPResponse.f25832a;
            int i = pKIXCertRevocationCheckerParameters.d;
            CertPath certPath = pKIXCertRevocationCheckerParameters.f26590c;
            if (e2 != null) {
                a2.initVerify(e2.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) jcaJceHelper.d().generateCertificate(new ByteArrayInputStream(aSN1Sequence.w(0).c().getEncoded()));
                x509Certificate2.verify(pKIXCertRevocationCheckerParameters.f26591e.getPublicKey());
                x509Certificate2.checkValidity(new Date(pKIXCertRevocationCheckerParameters.b.getTime()));
                if (!f(responseData.f25845c, x509Certificate2, jcaJceHelper)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(KeyPurposeId.b.f26046a.f25661a)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i);
                }
                a2.initVerify(x509Certificate2);
            }
            a2.update(responseData.h("DER"));
            if (!a2.verify(basicOCSPResponse.f25833c.t())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, responseData.f25847f.i(OCSPObjectIdentifiers.b).f26032c.f25663a)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i);
            }
            return true;
        } catch (IOException e3) {
            throw new CertPathValidatorException(H.a.r(e3, new StringBuilder("OCSP response failure: ")), e3, pKIXCertRevocationCheckerParameters.f26590c, pKIXCertRevocationCheckerParameters.d);
        } catch (CertPathValidatorException e4) {
            throw e4;
        } catch (GeneralSecurityException e5) {
            throw new CertPathValidatorException(c.r(e5, new StringBuilder("OCSP response failure: ")), e5, pKIXCertRevocationCheckerParameters.f26590c, pKIXCertRevocationCheckerParameters.d);
        }
    }

    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    public final void a(PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters) {
        this.f26958c = pKIXCertRevocationCheckerParameters;
        this.d = Properties.b("ocsp.enable");
        this.f26959e = Properties.a("ocsp.responderURL");
    }

    /* JADX WARN: Type inference failed for: r6v7, types: [java.lang.Object, org.bouncycastle.asn1.ocsp.CertID] */
    public final CertID b(AlgorithmIdentifier algorithmIdentifier, Certificate certificate, ASN1Integer aSN1Integer) {
        try {
            MessageDigest b = this.b.b(MessageDigestUtils.a(algorithmIdentifier.f26007a));
            ASN1OctetString aSN1OctetString = new ASN1OctetString(b.digest(certificate.b.x.h("DER")));
            ASN1OctetString aSN1OctetString2 = new ASN1OctetString(b.digest(certificate.b.y.b.t()));
            ?? obj = new Object();
            obj.f25834a = algorithmIdentifier;
            obj.b = aSN1OctetString;
            obj.f25835c = aSN1OctetString2;
            obj.d = aSN1Integer;
            return obj;
        } catch (Exception e2) {
            throw new CertPathValidatorException("problem creating ID: " + e2, e2);
        }
    }

    public final Certificate c() {
        try {
            return Certificate.i(this.f26958c.f26591e.getEncoded());
        } catch (Exception e2) {
            String f2 = com.mapbox.maps.plugin.annotation.generated.a.f(e2, new StringBuilder("cannot process signing cert: "));
            PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters = this.f26958c;
            throw new CertPathValidatorException(f2, e2, pKIXCertRevocationCheckerParameters.f26590c, pKIXCertRevocationCheckerParameters.d);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:209:0x02f2, code lost:
    
        r6 = org.bouncycastle.asn1.ocsp.OCSPResponse.i(r2.toByteArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:211:0x0302, code lost:
    
        if (r6.f25839a.f25840a.u() != 0) goto L133;
     */
    /* JADX WARN: Code restructure failed: missing block: B:212:0x0304, code lost:
    
        r0 = org.bouncycastle.asn1.ocsp.ResponseBytes.i(r6.b);
     */
    /* JADX WARN: Code restructure failed: missing block: B:213:0x0312, code lost:
    
        if (r0.f25843a.o(org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers.f25837a) == false) goto L128;
     */
    /* JADX WARN: Code restructure failed: missing block: B:215:0x0320, code lost:
    
        if (g(org.bouncycastle.asn1.ocsp.BasicOCSPResponse.i(r0.b.f25663a), r11, r5, r12, r10) == false) goto L128;
     */
    /* JADX WARN: Code restructure failed: missing block: B:216:0x0322, code lost:
    
        r0 = (java.lang.ref.WeakReference) r14.get(r4);
     */
    /* JADX WARN: Code restructure failed: missing block: B:217:0x0328, code lost:
    
        if (r0 == null) goto L122;
     */
    /* JADX WARN: Code restructure failed: missing block: B:218:0x032a, code lost:
    
        ((java.util.Map) r0.get()).put(r9, r6);
     */
    /* JADX WARN: Code restructure failed: missing block: B:219:0x0338, code lost:
    
        r0 = new java.util.HashMap();
        r0.put(r9, r6);
        r14.put(r4, new java.lang.ref.WeakReference(r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:222:0x0376, code lost:
    
        throw new java.security.cert.CertPathValidatorException("OCSP response failed to validate", null, r11.f26590c, r11.d);
     */
    /* JADX WARN: Code restructure failed: missing block: B:223:0x0379, code lost:
    
        r1 = new java.lang.StringBuilder();
        r1.append("OCSP responder failed: ");
        r3 = r6.f25839a.f25840a;
        r3.getClass();
        r1.append(new java.math.BigInteger(r3.f25651a));
     */
    /* JADX WARN: Code restructure failed: missing block: B:224:0x03a4, code lost:
    
        throw new java.security.cert.CertPathValidatorException(r1.toString(), null, r11.f26590c, r11.d);
     */
    /* JADX WARN: Code restructure failed: missing block: B:225:0x0377, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:228:0x03b9, code lost:
    
        throw new java.security.cert.CertPathValidatorException(H.a.r(r0, new java.lang.StringBuilder(r19)), r0, r11.f26590c, r11.d);
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r13v14, types: [org.bouncycastle.asn1.x509.AccessDescription, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r13v8, types: [org.bouncycastle.asn1.ASN1Encodable, org.bouncycastle.asn1.x509.Extension, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r1v36, types: [org.bouncycastle.asn1.ocsp.OCSPRequest, java.lang.Object, org.bouncycastle.asn1.ASN1Object] */
    /* JADX WARN: Type inference failed for: r2v4, types: [org.bouncycastle.asn1.ocsp.Request, org.bouncycastle.asn1.ASN1Encodable, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r6v15, types: [java.lang.Object, org.bouncycastle.asn1.ocsp.TBSRequest] */
    /* JADX WARN: Type inference failed for: r7v8, types: [org.bouncycastle.asn1.ASN1Sequence, org.bouncycastle.asn1.DERSequence] */
    /* JADX WARN: Type inference failed for: r8v5, types: [org.bouncycastle.asn1.ASN1Sequence, org.bouncycastle.asn1.ASN1Encodable, org.bouncycastle.asn1.DERSequence] */
    /* JADX WARN: Type inference failed for: r9v9, types: [org.bouncycastle.asn1.x509.AuthorityInformationAccess, java.lang.Object] */
    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void check(java.security.cert.Certificate r26) {
        /*
            Method dump skipped, instructions count: 1383
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }
}
