package org.bouncycastle.jce.provider;

import defpackage.a1;
import defpackage.b80;
import defpackage.bk9;
import defpackage.blc;
import defpackage.bs7;
import defpackage.c31;
import defpackage.cg7;
import defpackage.d31;
import defpackage.de;
import defpackage.dr8;
import defpackage.ds7;
import defpackage.ep5;
import defpackage.es7;
import defpackage.f31;
import defpackage.fl4;
import defpackage.gmc;
import defpackage.hg9;
import defpackage.hi9;
import defpackage.i0;
import defpackage.i72;
import defpackage.is7;
import defpackage.j42;
import defpackage.k10;
import defpackage.m0;
import defpackage.ne0;
import defpackage.o;
import defpackage.o0;
import defpackage.o6;
import defpackage.pra;
import defpackage.q0;
import defpackage.q48;
import defpackage.qr7;
import defpackage.qs8;
import defpackage.rg9;
import defpackage.t0;
import defpackage.u0;
import defpackage.u09;
import defpackage.u48;
import defpackage.u80;
import defpackage.ug9;
import defpackage.v16;
import defpackage.v48;
import defpackage.v57;
import defpackage.ws5;
import defpackage.xaa;
import defpackage.y0;
import defpackage.y53;
import defpackage.yya;
import defpackage.zn3;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
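/**
 * OCSP revocation checker used by {@link ProvRevocationChecker} during certification path validation.
 *
 * <p>This is decompiled, name-obfuscated code: the {@code defpackage.*} types ({@code ws5}, {@code v48},
 * {@code ne0}, ...) are opaque here, so the comments below describe them only through the way this class
 * uses them. Several methods carry JADX "type inference failed" artifacts ({@code ?? obj}) and are kept
 * exactly as decompiled.
 *
 * <p>Contract of {@link #check(Certificate)}: a normal return means "an OCSP response with status
 * <em>good</em> was found for this certificate"; every other outcome is reported by throwing.
 */
public class ProvOcspRevocationChecker implements u48 {
    // Neither default is referenced anywhere in this class as decompiled; units are presumably
    // bytes and milliseconds respectively -- TODO confirm against the code that fetches responses.
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    // Signature algorithm OID -> JCA signature algorithm name, consulted by getSignatureName().
    private static final Map oids;
    // Supplies MessageDigest, Signature and CertificateFactory instances (see helper.e / createSignature / y).
    private final ws5 helper;
    // Value of the "ocsp.enable" property, read in init()/initialize().
    private boolean isEnabledOCSP;
    // Value of the "ocsp.responderURL" property, read in init()/initialize(); may be null.
    private String ocspURL;
    // Per-validation state: .b validation date, .c cert path, .d index in the path, .e signing (issuer) certificate.
    private v48 parameters;
    private final ProvRevocationChecker parent;

    static {
        // NOTE(review): the table also maps MD2/MD5/SHA-1 based signature OIDs. Nothing in this class
        // rejects a response signed with one of them; whether the helper or the installed providers
        // refuse such algorithms is not visible here -- confirm that an algorithm policy is enforced
        // somewhere before relying on OCSP results.
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new t0("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(q48.a1, "SHA224WITHRSA");
        hashMap.put(q48.X0, "SHA256WITHRSA");
        hashMap.put(q48.Y0, "SHA384WITHRSA");
        hashMap.put(q48.Z0, "SHA512WITHRSA");
        hashMap.put(j42.m, "GOST3411WITHGOST3410");
        hashMap.put(j42.n, "GOST3411WITHECGOST3410");
        hashMap.put(bk9.g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(bk9.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(u80.a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(u80.b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(u80.c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(u80.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(u80.e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(u80.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(y53.a, "SHA1WITHCVC-ECDSA");
        hashMap.put(y53.b, "SHA224WITHCVC-ECDSA");
        hashMap.put(y53.c, "SHA256WITHCVC-ECDSA");
        hashMap.put(y53.d, "SHA384WITHCVC-ECDSA");
        hashMap.put(y53.e, "SHA512WITHCVC-ECDSA");
        hashMap.put(ep5.a, "XMSS");
        hashMap.put(ep5.b, "XMSSMT");
        hashMap.put(new t0("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new t0("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new t0("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(gmc.G2, "SHA1WITHECDSA");
        hashMap.put(gmc.J2, "SHA224WITHECDSA");
        hashMap.put(gmc.K2, "SHA256WITHECDSA");
        hashMap.put(gmc.L2, "SHA384WITHECDSA");
        hashMap.put(gmc.M2, "SHA512WITHECDSA");
        hashMap.put(is7.h, "SHA1WITHRSA");
        hashMap.put(is7.g, "SHA1WITHDSA");
        hashMap.put(cg7.P, "SHA224WITHDSA");
        hashMap.put(cg7.Q, "SHA256WITHDSA");
    }

    /**
     * @param provRevocationChecker owning checker; source of configured responder, extensions and cached responses
     * @param ws5Var                helper used to obtain digest, signature and certificate-factory instances
     */
    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, ws5 ws5Var) {
        this.parent = provRevocationChecker;
        this.helper = ws5Var;
    }

    /**
     * Digests part of the parsed encoding of {@code publicKey} with {@code messageDigest}.
     * Presumably the hashed part is the subjectPublicKey bit string without its algorithm
     * identifier -- TODO confirm what {@code pra.k(...).b.w()} returns.
     */
    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(pra.k(publicKey.getEncoded()).b.w());
    }

    /** Rebuilds a CertID with the hash algorithm of an existing one ({@code c31Var.a}). */
    private c31 createCertID(c31 c31Var, f31 f31Var, o0 o0Var) throws CertPathValidatorException {
        return createCertID(c31Var.a, f31Var, o0Var);
    }

    /**
     * Builds a CertID from a hash algorithm, the issuer certificate and a serial number.
     * Two digests are taken over fields of {@code f31Var} (presumably issuer name and issuer key --
     * TODO confirm); any failure is wrapped in a {@link CertPathValidatorException}.
     */
    /* JADX WARN: Type inference failed for: r5v7, types: [c31, java.lang.Object] */
    private c31 createCertID(de deVar, f31 f31Var, o0 o0Var) throws CertPathValidatorException {
        try {
            MessageDigest e = this.helper.e(v57.b(deVar.a));
            u0 u0Var = new u0(e.digest(f31Var.b.h.j()));
            u0 u0Var2 = new u0(e.digest(f31Var.b.i.b.w()));
            // Decompiler artifact: the original constructs a c31 here; JADX could not recover the type.
            ?? obj = new Object();
            obj.a = deVar;
            obj.b = u0Var;
            obj.c = u0Var2;
            obj.d = o0Var;
            return obj;
        } catch (Exception e2) {
            throw new CertPathValidatorException("problem creating ID: " + e2, e2);
        }
    }

    /** Re-parses the signing certificate held in {@code parameters.e} into the internal structure. */
    private f31 extractCert() throws CertPathValidatorException {
        try {
            return f31.k(this.parameters.e.getEncoded());
        } catch (Exception e) {
            String u = dr8.u(e, new StringBuilder("cannot process signing cert: "));
            v48 v48Var = this.parameters;
            throw new CertPathValidatorException(u, e, v48Var.c, v48Var.d);
        }
    }

    /**
     * Returns the name {@code v57.b} gives for the OID with its first '-' removed, except for names
     * starting with "SHA3", which are returned unchanged.
     */
    private static String getDigestName(t0 t0Var) {
        String b = v57.b(t0Var);
        int indexOf = b.indexOf(45); // 45 == '-'
        if (indexOf <= 0 || b.startsWith("SHA3")) {
            return b;
        }
        return b.substring(0, indexOf) + b.substring(indexOf + 1);
    }

    /**
     * Extracts the first usable responder URI from a certificate extension (presumably Authority
     * Information Access, {@code zn3.v} -- TODO confirm).
     *
     * <p>NOTE(review): the returned location is taken from the certificate being validated, so it is
     * data chosen by whoever issued that certificate. Any code that connects to it should apply
     * egress restrictions, timeouts and response-size limits.
     *
     * <p>Decompiler artifacts: {@code bArr instanceof k10} and {@code bArr != 0} do not type-check and
     * the {@code k10Var = null} branch is followed by an unconditional dereference; this mirrors the
     * JADX output and is not the original source shape.
     *
     * @return the first access description whose method equals {@code o6.c} and whose location has
     *         tag 6 and parses as a URI; {@code null} if the extension is absent or nothing matches
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v1, types: [java.lang.Object, k10] */
    /* JADX WARN: Type inference failed for: r7v2, types: [o6, java.lang.Object] */
    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        k10 k10Var;
        o6 o6Var;
        byte[] extensionValue = x509Certificate.getExtensionValue(zn3.v.a);
        if (extensionValue == null) {
            return null;
        }
        byte[] bArr = u0.v(extensionValue).a;
        if (bArr instanceof k10) {
            k10Var = (k10) bArr;
        } else if (bArr != 0) {
            y0 y = y0.y(bArr);
            ?? obj = new Object();
            if (y.size() < 1) {
                throw new IllegalArgumentException("sequence may not be empty");
            }
            obj.a = new o6[y.size()];
            for (int i = 0; i != y.size(); i++) {
                o6[] o6VarArr = obj.a;
                i0 A = y.A(i);
                t0 t0Var = o6.c;
                if (A instanceof o6) {
                    o6Var = (o6) A;
                } else if (A != null) {
                    y0 y2 = y0.y(A);
                    ?? obj2 = new Object();
                    obj2.a = null;
                    obj2.b = null;
                    if (y2.size() != 2) {
                        throw new IllegalArgumentException("wrong number of elements in sequence");
                    }
                    obj2.a = t0.y(y2.A(0));
                    obj2.b = fl4.k(y2.A(1));
                    o6Var = obj2;
                } else {
                    o6Var = null;
                }
                o6VarArr[i] = o6Var;
            }
            k10Var = obj;
        } else {
            k10Var = null;
        }
        o6[] o6VarArr2 = k10Var.a;
        int length = o6VarArr2.length;
        o6[] o6VarArr3 = new o6[length];
        System.arraycopy(o6VarArr2, 0, o6VarArr3, 0, o6VarArr2.length);
        for (int i2 = 0; i2 != length; i2++) {
            o6 o6Var2 = o6VarArr3[i2];
            if (o6.c.r(o6Var2.a)) {
                fl4 fl4Var = o6Var2.b;
                if (fl4Var.b == 6) {
                    try {
                        return new URI(((a1) fl4Var.a).e());
                    } catch (URISyntaxException unused) {
                        // An unparsable location is skipped so a later entry can still be used.
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    /**
     * Maps a signature AlgorithmIdentifier to a JCA algorithm name: "&lt;digest&gt;WITHRSAANDMGF1" when
     * parameters are present and the OID equals {@code q48.W0}, otherwise the {@link #oids} entry,
     * otherwise the OID's own string.
     */
    private static String getSignatureName(de deVar) {
        i0 i0Var = deVar.b;
        t0 t0Var = deVar.a;
        if (i0Var != null && !i72.b.p(i0Var) && t0Var.r(q48.W0)) {
            return yya.s(new StringBuilder(), getDigestName(u09.k(i0Var).a.a), "WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(t0Var) ? (String) map.get(t0Var) : t0Var.a;
    }

    /**
     * Picks which locally trusted certificate signed the response, by comparing the response's
     * responder ID with {@code x509Certificate2} first and {@code x509Certificate} second.
     *
     * <p>The ID is compared either as a SHA-1 hash of the public key or as an X.500 name. SHA-1 is
     * what the OCSP key-hash form of ResponderID is defined over; it only selects a candidate here,
     * the signature check in {@link #validatedOcspResponse} is what authenticates the response.
     *
     * @return the matching certificate, or {@code null} when neither candidate matches
     */
    private static X509Certificate getSignerCert(ne0 ne0Var, X509Certificate x509Certificate, X509Certificate x509Certificate2, ws5 ws5Var) throws NoSuchProviderException, NoSuchAlgorithmException {
        q0 q0Var = ne0Var.a.c.a;
        byte[] bArr = q0Var instanceof u0 ? ((u0) q0Var).a : null;
        if (bArr != null) {
            MessageDigest e = ws5Var.e("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, calcKeyHash(e, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, calcKeyHash(e, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            b80 b80Var = b80.m;
            blc k = blc.k(b80Var, q0Var instanceof u0 ? null : blc.l(q0Var));
            if (x509Certificate2 != null && k.equals(blc.k(b80Var, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && k.equals(blc.k(b80Var, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    /** Tells whether a responder ID (key hash or name form) identifies {@code x509Certificate}. */
    private static boolean responderMatches(hg9 hg9Var, X509Certificate x509Certificate, ws5 ws5Var) throws NoSuchProviderException, NoSuchAlgorithmException {
        q0 q0Var = hg9Var.a;
        byte[] bArr = q0Var instanceof u0 ? ((u0) q0Var).a : null;
        if (bArr != null) {
            return Arrays.equals(bArr, calcKeyHash(ws5Var.e("SHA1"), x509Certificate.getPublicKey()));
        }
        b80 b80Var = b80.m;
        return blc.k(b80Var, q0Var instanceof u0 ? null : blc.l(q0Var)).equals(blc.k(b80Var, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /**
     * Authenticates a basic OCSP response.
     *
     * <p>The signer is either a locally known certificate (the signing certificate in
     * {@code v48Var.e} or the configured responder certificate), or the first certificate embedded in
     * the response. An embedded certificate is accepted only if it verifies under the signing
     * certificate's key, is valid at the validation date, matches the responder ID and lists the
     * extended key usage the error message describes as OCSP signing.
     *
     * <p>NOTE(review): no revocation check of an embedded responder certificate is performed in this
     * method, and only its first entry is considered.
     *
     * @param bArr expected nonce, or {@code null} to skip the nonce comparison
     * @return {@code true} if the signature verifies (and the nonce matches when one is expected);
     *         {@code false} if the signature does not verify -- callers must treat that as a failure
     * @throws CertPathValidatorException if no signer can be determined, the embedded responder
     *         certificate is unacceptable, the nonce differs, or a crypto/encoding error occurs
     */
    public static boolean validatedOcspResponse(ne0 ne0Var, v48 v48Var, byte[] bArr, X509Certificate x509Certificate, ws5 ws5Var) throws CertPathValidatorException {
        try {
            y0 y0Var = ne0Var.d;
            Signature createSignature = ws5Var.createSignature(getSignatureName(ne0Var.b));
            X509Certificate signerCert = getSignerCert(ne0Var, v48Var.e, x509Certificate, ws5Var);
            if (signerCert == null && y0Var == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            ug9 ug9Var = ne0Var.a;
            int i = v48Var.d;
            CertPath certPath = v48Var.c;
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                // Delegated responder: the certificate comes from the response itself, so every check
                // below is what ties it back to the issuer of the certificate being validated.
                X509Certificate x509Certificate2 = (X509Certificate) ws5Var.y("X.509").generateCertificate(new ByteArrayInputStream(y0Var.A(0).d().getEncoded()));
                x509Certificate2.verify(v48Var.e.getPublicKey());
                x509Certificate2.checkValidity(new Date(v48Var.b.getTime()));
                if (!responderMatches(ug9Var.c, x509Certificate2, ws5Var)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(v16.c.a.a)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i);
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(ug9Var.j());
            if (!createSignature.verify(ne0Var.c.w())) {
                return false;
            }
            // NOTE(review): the extension lookup is dereferenced without a null check. If the response
            // carries no such extension this presumably raises a RuntimeException, which is not caught
            // here; check() wraps it into a CertPathValidatorException, so the outcome is still a failure.
            if (bArr != null && !Arrays.equals(bArr, ug9Var.f.k(bs7.b).c.a)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i);
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(o.j(e, new StringBuilder("OCSP response failure: ")), e, v48Var.c, v48Var.d);
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException("OCSP response failure: " + e3.getMessage(), e3, v48Var.c, v48Var.d);
        }
    }

    /**
     * Checks the revocation status of {@code certificate} through OCSP.
     *
     * <p>Steps: resolve the responder location (parent setting, then the "ocsp.responderURL"
     * property, then the certificate itself); use a response already stored for this certificate in
     * the parent's map, or obtain one through {@code OcspCache}; require a successful response
     * status; authenticate a pre-supplied response; then look for the entry whose serial number and
     * CertID match and act on its status.
     *
     * <p>The method fails closed: it returns normally only for a matching entry with status 0.
     * A response whose signature does not verify, a response without a matching entry, and a
     * response of a type other than {@code bs7.a} all end in an exception, because a caller can only
     * read a normal return as "not revoked".
     *
     * @throws CertPathValidatorException if the certificate is revoked or has an unrecognised status,
     *         the response is unsuccessful, expired, unauthenticated or malformed; a
     *         {@code RecoverableCertPathValidatorException} if OCSP is disabled or no applicable
     *         response is available
     */
    @Override // defpackage.u48
    public void check(Certificate certificate) throws CertPathValidatorException {
        Map ocspResponses;
        URI ocspResponder;
        List ocspExtensions;
        byte[] bArr;
        boolean z;
        byte[] value;
        String id2;
        X509Certificate ocspResponderCert;
        X509Certificate ocspResponderCert2;
        List ocspExtensions2;
        URI ocspResponder2;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        ocspResponses = this.parent.getOcspResponses();
        ocspResponder = this.parent.getOcspResponder();
        if (ocspResponder == null) {
            if (this.ocspURL != null) {
                try {
                    ocspResponder = new URI(this.ocspURL);
                } catch (URISyntaxException e) {
                    String str = "configuration error: " + e.getMessage();
                    v48 v48Var = this.parameters;
                    throw new CertPathValidatorException(str, e, v48Var.c, v48Var.d);
                }
            } else {
                // Last resort: the location named inside the certificate under validation.
                ocspResponder = getOcspResponderURI(x509Certificate);
            }
        }
        URI uri = ocspResponder;
        if (ocspResponses.get(x509Certificate) != null || uri == null) {
            // Pre-supplied response (or nothing to fetch from): remember the value of the extension
            // whose id equals bs7.b so it can be compared as the expected nonce during validation.
            ocspExtensions = this.parent.getOcspExtensions();
            bArr = null;
            for (int i = 0; i != ocspExtensions.size(); i++) {
                Extension i2 = qr7.i(ocspExtensions.get(i));
                value = i2.getValue();
                String str2 = bs7.b.a;
                id2 = i2.getId();
                if (str2.equals(id2)) {
                    bArr = value;
                }
            }
            // z == false: the response has not been authenticated yet and must be validated below.
            z = false;
        } else {
            if (this.ocspURL == null) {
                ocspResponder2 = this.parent.getOcspResponder();
                if (ocspResponder2 == null && !this.isEnabledOCSP) {
                    v48 v48Var2 = this.parameters;
                    throw new RecoverableCertPathValidatorException("OCSP disabled by \"ocsp.enable\" setting", null, v48Var2.c, v48Var2.d);
                }
            }
            // is7.f is presumably the SHA-1 digest OID used for the request CertID -- TODO confirm.
            c31 createCertID = createCertID(new de(is7.f), extractCert(), new o0(x509Certificate.getSerialNumber()));
            v48 v48Var3 = this.parameters;
            ocspResponderCert2 = this.parent.getOcspResponderCert();
            ocspExtensions2 = this.parent.getOcspExtensions();
            try {
                ocspResponses.put(x509Certificate, OcspCache.getOcspResponse(createCertID, v48Var3, uri, ocspResponderCert2, ocspExtensions2, this.helper).getEncoded());
                bArr = null;
                // z == true skips validatedOcspResponse() below.
                // NOTE(review): this relies on OcspCache.getOcspResponse having authenticated the
                // response before returning it; that code is not visible here -- confirm.
                z = true;
            } catch (IOException e2) {
                v48 v48Var4 = this.parameters;
                throw new CertPathValidatorException("unable to encode OCSP response", e2, v48Var4.c, v48Var4.d);
            }
        }
        if (ocspResponses.isEmpty()) {
            v48 v48Var5 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for any certificate", null, v48Var5.c, v48Var5.d);
        }
        ds7 k = ds7.k(ocspResponses.get(x509Certificate));
        o0 o0Var = new o0(x509Certificate.getSerialNumber());
        if (k == null) {
            v48 v48Var6 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for certificate", null, v48Var6.c, v48Var6.d);
        }
        es7 es7Var = k.a;
        if (es7Var.a.y() != 0) {
            // Any response status other than 0 is rejected outright.
            String str3 = "OCSP response failed: " + es7Var.a.x();
            v48 v48Var7 = this.parameters;
            throw new CertPathValidatorException(str3, null, v48Var7.c, v48Var7.d);
        }
        rg9 k2 = rg9.k(k.b);
        if (k2.a.r(bs7.a)) {
            try {
                ne0 k3 = ne0.k(k2.b.a);
                if (!z) {
                    v48 v48Var8 = this.parameters;
                    ocspResponderCert = this.parent.getOcspResponderCert();
                    if (!validatedOcspResponse(k3, v48Var8, bArr, ocspResponderCert, this.helper)) {
                        // Fix: the decompiled code returned normally here, which made a response with
                        // a non-verifying signature indistinguishable from a "good" status.
                        throw new CertPathValidatorException("OCSP response signature could not be verified", null, v48Var8.c, v48Var8.d);
                    }
                }
                y0 y0Var = ug9.k(k3.a).e;
                c31 c31Var = null;
                for (int i3 = 0; i3 != y0Var.size(); i3++) {
                    xaa k4 = xaa.k(y0Var.A(i3));
                    if (o0Var.r(k4.a.d)) {
                        m0 m0Var = k4.d;
                        if (m0Var != null) {
                            v48 v48Var9 = this.parameters;
                            v48Var9.getClass(); // decompiler-emitted null check
                            // Reject an entry whose time in k4.d lies before the validation date.
                            // NOTE(review): no lower-bound (freshness) check is visible in this method.
                            if (new Date(v48Var9.b.getTime()).after(m0Var.x())) {
                                throw new ExtCertPathValidatorException("OCSP response expired");
                            }
                        }
                        c31 c31Var2 = k4.a;
                        // Recompute our own CertID with the response's hash algorithm so the issuer
                        // hashes are compared too, not only the serial number.
                        if (c31Var == null || !c31Var.a.equals(c31Var2.a)) {
                            c31Var = createCertID(c31Var2, extractCert(), o0Var);
                        }
                        if (c31Var.equals(c31Var2)) {
                            d31 d31Var = k4.b;
                            int i4 = d31Var.a;
                            if (i4 == 0) {
                                // Status 0: the only path on which the certificate is accepted.
                                return;
                            }
                            if (i4 != 1) {
                                v48 v48Var10 = this.parameters;
                                throw new CertPathValidatorException("certificate revoked, details unknown", null, v48Var10.c, v48Var10.d);
                            }
                            hi9 k5 = hi9.k(d31Var.b);
                            String str4 = "certificate revoked, reason=(" + k5.b + "), date=" + k5.a.x();
                            v48 v48Var11 = this.parameters;
                            throw new CertPathValidatorException(str4, null, v48Var11.c, v48Var11.d);
                        }
                    }
                }
            } catch (CertPathValidatorException e3) {
                throw e3;
            } catch (Exception e4) {
                v48 v48Var12 = this.parameters;
                throw new CertPathValidatorException("unable to process OCSP response", e4, v48Var12.c, v48Var12.d);
            }
        }
        // Fix: reaching this point means no entry in the response established a status for this
        // certificate (no matching CertID, or a response type other than bs7.a). The decompiled code
        // fell off the end of the method here, which callers could only read as "not revoked".
        v48 v48Var13 = this.parameters;
        throw new RecoverableCertPathValidatorException("no OCSP response found for certificate", null, v48Var13.c, v48Var13.d);
    }

    /** Always {@code null}: this checker does not collect soft-fail exceptions. */
    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    /** Always {@code null}. */
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /**
     * Resets the checker and re-reads the "ocsp.enable" and "ocsp.responderURL" properties.
     * {@code parameters} is cleared, so {@link #initialize(v48)} has to run before the next
     * {@link #check(Certificate)}.
     *
     * @throws CertPathValidatorException if forward checking is requested
     */
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = qs8.b("ocsp.enable");
        this.ocspURL = qs8.a("ocsp.responderURL");
    }

    /** Stores the per-validation parameters and re-reads the two OCSP properties. */
    @Override // defpackage.u48
    public void initialize(v48 v48Var) {
        this.parameters = v48Var;
        this.isEnabledOCSP = qs8.b("ocsp.enable");
        this.ocspURL = qs8.a("ocsp.responderURL");
    }

    /** Forward checking is not supported; see {@link #init(boolean)}. */
    public boolean isForwardCheckingSupported() {
        return false;
    }

    /** No-op: this checker accepts no named parameters. */
    public void setParameter(String str, Object obj) {
    }
}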
