package org.bouncycastle.jce.provider;

import c7.InterfaceC2764a;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import m7.InterfaceC5715a;
import o7.InterfaceC5832a;
import org.bouncycastle.asn1.C5918u;
import org.bouncycastle.asn1.C5955z;
import org.bouncycastle.asn1.G0;
import org.bouncycastle.asn1.I0;
import org.bouncycastle.asn1.InterfaceC5883h;
import org.bouncycastle.asn1.InterfaceC5887j;
import org.bouncycastle.asn1.x509.C5926a;
import org.bouncycastle.asn1.x509.C5928b;
import org.bouncycastle.asn1.x509.C5935h;
import org.bouncycastle.asn1.x509.C5942o;
import org.bouncycastle.asn1.x509.C5951y;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class O implements org.bouncycastle.jcajce.p {

    /* renamed from: f, reason: collision with root package name */
    private static final int f89314f = 15000;

    /* renamed from: g, reason: collision with root package name */
    private static final int f89315g = 32768;

    /* renamed from: h, reason: collision with root package name */
    private static final Map f89316h;

    /* renamed from: a, reason: collision with root package name */
    private final P f89317a;

    /* renamed from: b, reason: collision with root package name */
    private final org.bouncycastle.jcajce.util.f f89318b;

    /* renamed from: c, reason: collision with root package name */
    private org.bouncycastle.jcajce.q f89319c;

    /* renamed from: d, reason: collision with root package name */
    private boolean f89320d;

    /* renamed from: e, reason: collision with root package name */
    private String f89321e;

    static {
        HashMap hashMap = new HashMap();
        f89316h = hashMap;
        hashMap.put(new C5955z("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(org.bouncycastle.asn1.pkcs.s.f84354b2, "SHA224WITHRSA");
        hashMap.put(org.bouncycastle.asn1.pkcs.s.f84345Y1, "SHA256WITHRSA");
        hashMap.put(org.bouncycastle.asn1.pkcs.s.f84348Z1, "SHA384WITHRSA");
        hashMap.put(org.bouncycastle.asn1.pkcs.s.f84351a2, "SHA512WITHRSA");
        hashMap.put(org.bouncycastle.asn1.cryptopro.a.f83806n, "GOST3411WITHGOST3410");
        hashMap.put(org.bouncycastle.asn1.cryptopro.a.f83807o, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC2764a.f32813i, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC2764a.f32814j, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC5715a.f81062d, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC5715a.f81063e, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC5715a.f81064f, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC5715a.f81065g, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC5715a.f81066h, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC5715a.f81067i, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC5832a.f82176s, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC5832a.f82177t, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC5832a.f82178u, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC5832a.f82179v, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC5832a.f82180w, "SHA512WITHCVC-ECDSA");
        hashMap.put(V6.a.f2814a, "XMSS");
        hashMap.put(V6.a.f2815b, "XMSSMT");
        hashMap.put(new C5955z("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C5955z("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C5955z("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(org.bouncycastle.asn1.x9.r.f85452C5, "SHA1WITHECDSA");
        hashMap.put(org.bouncycastle.asn1.x9.r.f85460G5, "SHA224WITHECDSA");
        hashMap.put(org.bouncycastle.asn1.x9.r.f85462H5, "SHA256WITHECDSA");
        hashMap.put(org.bouncycastle.asn1.x9.r.f85464I5, "SHA384WITHECDSA");
        hashMap.put(org.bouncycastle.asn1.x9.r.f85466J5, "SHA512WITHECDSA");
        hashMap.put(org.bouncycastle.asn1.oiw.b.f84202k, "SHA1WITHRSA");
        hashMap.put(org.bouncycastle.asn1.oiw.b.f84201j, "SHA1WITHDSA");
        hashMap.put(org.bouncycastle.asn1.nist.d.f84080X, "SHA224WITHDSA");
        hashMap.put(org.bouncycastle.asn1.nist.d.f84081Y, "SHA256WITHDSA");
    }

    public O(P p8, org.bouncycastle.jcajce.util.f fVar) {
        this.f89317a = p8;
        this.f89318b = fVar;
    }

    private static byte[] c(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(org.bouncycastle.asn1.x509.e0.I(publicKey.getEncoded()).L().Q());
    }

    private org.bouncycastle.asn1.ocsp.b d(org.bouncycastle.asn1.ocsp.b bVar, C5942o c5942o, C5918u c5918u) throws CertPathValidatorException {
        return e(bVar.G(), c5942o, c5918u);
    }

    private org.bouncycastle.asn1.ocsp.b e(C5928b c5928b, C5942o c5942o, C5918u c5918u) throws CertPathValidatorException {
        try {
            MessageDigest b8 = this.f89318b.b(org.bouncycastle.jcajce.util.h.a(c5928b.G()));
            return new org.bouncycastle.asn1.ocsp.b(c5928b, new I0(b8.digest(c5942o.O().E(InterfaceC5887j.f83965a))), new I0(b8.digest(c5942o.P().L().Q())), c5918u);
        } catch (Exception e8) {
            throw new CertPathValidatorException("problem creating ID: " + e8, e8);
        }
    }

    private C5942o f() throws CertPathValidatorException {
        try {
            return C5942o.H(this.f89319c.d().getEncoded());
        } catch (Exception e8) {
            throw new CertPathValidatorException("cannot process signing cert: " + e8.getMessage(), e8, this.f89319c.a(), this.f89319c.b());
        }
    }

    private static String g(C5955z c5955z) {
        String a8 = org.bouncycastle.jcajce.util.h.a(c5955z);
        int indexOf = a8.indexOf(45);
        if (indexOf <= 0 || a8.startsWith("SHA3")) {
            return a8;
        }
        return a8.substring(0, indexOf) + a8.substring(indexOf + 1);
    }

    static URI h(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C5951y.f85295A.b0());
        if (extensionValue == null) {
            return null;
        }
        C5926a[] I8 = C5935h.J(org.bouncycastle.asn1.A.Q(extensionValue).T()).I();
        for (int i8 = 0; i8 != I8.length; i8++) {
            C5926a c5926a = I8[i8];
            if (C5926a.f84982d.L(c5926a.H())) {
                org.bouncycastle.asn1.x509.B G8 = c5926a.G();
                if (G8.k() == 6) {
                    try {
                        return new URI(((org.bouncycastle.asn1.M) G8.J()).o());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String i(C5928b c5928b) {
        InterfaceC5883h J8 = c5928b.J();
        if (J8 == null || G0.f83725b.K(J8) || !c5928b.G().L(org.bouncycastle.asn1.pkcs.s.f84342X1)) {
            Map map = f89316h;
            boolean containsKey = map.containsKey(c5928b.G());
            C5955z G8 = c5928b.G();
            return containsKey ? (String) map.get(G8) : G8.b0();
        }
        return g(org.bouncycastle.asn1.pkcs.A.H(J8).G().G()) + "WITHRSAANDMGF1";
    }

    private static X509Certificate j(org.bouncycastle.asn1.ocsp.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, org.bouncycastle.jcajce.util.f fVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        org.bouncycastle.asn1.ocsp.j J8 = aVar.L().J();
        byte[] I8 = J8.I();
        if (I8 != null) {
            MessageDigest b8 = fVar.b("SHA1");
            if (x509Certificate2 != null && org.bouncycastle.util.a.g(I8, c(b8, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !org.bouncycastle.util.a.g(I8, c(b8, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        org.bouncycastle.asn1.x500.f fVar2 = org.bouncycastle.asn1.x500.style.b.f84739R;
        org.bouncycastle.asn1.x500.d K8 = org.bouncycastle.asn1.x500.d.K(fVar2, J8.J());
        if (x509Certificate2 != null && K8.equals(org.bouncycastle.asn1.x500.d.K(fVar2, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !K8.equals(org.bouncycastle.asn1.x500.d.K(fVar2, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean o(org.bouncycastle.asn1.ocsp.j jVar, X509Certificate x509Certificate, org.bouncycastle.jcajce.util.f fVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] I8 = jVar.I();
        if (I8 != null) {
            return org.bouncycastle.util.a.g(I8, c(fVar.b("SHA1"), x509Certificate.getPublicKey()));
        }
        org.bouncycastle.asn1.x500.f fVar2 = org.bouncycastle.asn1.x500.style.b.f84739R;
        return org.bouncycastle.asn1.x500.d.K(fVar2, jVar.J()).equals(org.bouncycastle.asn1.x500.d.K(fVar2, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean p(org.bouncycastle.asn1.ocsp.a aVar, org.bouncycastle.jcajce.q qVar, byte[] bArr, X509Certificate x509Certificate, org.bouncycastle.jcajce.util.f fVar) throws CertPathValidatorException {
        try {
            org.bouncycastle.asn1.H G8 = aVar.G();
            Signature a8 = fVar.a(i(aVar.K()));
            X509Certificate j8 = j(aVar, qVar.d(), x509Certificate, fVar);
            if (j8 == null && G8 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (j8 != null) {
                a8.initVerify(j8.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) fVar.i("X.509").generateCertificate(new ByteArrayInputStream(G8.U(0).m().getEncoded()));
                x509Certificate2.verify(qVar.d().getPublicKey());
                x509Certificate2.checkValidity(qVar.e());
                if (!o(aVar.L().J(), x509Certificate2, fVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, qVar.a(), qVar.b());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(org.bouncycastle.asn1.x509.J.f84916l.G())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, qVar.a(), qVar.b());
                }
                a8.initVerify(x509Certificate2);
            }
            a8.update(aVar.L().E(InterfaceC5887j.f83965a));
            if (!a8.verify(aVar.J().Q())) {
                return false;
            }
            if (bArr != null && !org.bouncycastle.util.a.g(bArr, aVar.L().K().I(org.bouncycastle.asn1.ocsp.e.f84141c).J().T())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, qVar.a(), qVar.b());
            }
            return true;
        } catch (IOException e8) {
            throw new CertPathValidatorException("OCSP response failure: " + e8.getMessage(), e8, qVar.a(), qVar.b());
        } catch (CertPathValidatorException e9) {
            throw e9;
        } catch (GeneralSecurityException e10) {
            throw new CertPathValidatorException("OCSP response failure: " + e10.getMessage(), e10, qVar.a(), qVar.b());
        }
    }

    @Override // org.bouncycastle.jcajce.p
    public void a(String str, Object obj) {
    }

    @Override // org.bouncycastle.jcajce.p
    public void b(org.bouncycastle.jcajce.q qVar) {
        this.f89319c = qVar;
        this.f89320d = org.bouncycastle.util.q.d("ocsp.enable");
        this.f89321e = org.bouncycastle.util.q.c("ocsp.responderURL");
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01ac, code lost:
    
        if (r0.G().equals(r1.G().G()) != false) goto L71;
     */
    @Override // org.bouncycastle.jcajce.p
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 669
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.O.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> k() {
        return null;
    }

    public Set<String> l() {
        return null;
    }

    public void m(boolean z8) throws CertPathValidatorException {
        if (z8) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f89319c = null;
        this.f89320d = org.bouncycastle.util.q.d("ocsp.enable");
        this.f89321e = org.bouncycastle.util.q.c("ocsp.responderURL");
    }

    public boolean n() {
        return false;
    }
}
