package io.netty.handler.ssl.ocsp;

import Af.e;
import Af.j;
import Af.k;
import If.C0531a;
import If.C0532b;
import If.E;
import If.g;
import If.i;
import If.o;
import If.p;
import If.r;
import Mf.a;
import Mf.b;
import Mf.f;
import com.google.android.gms.gcm.Task;
import io.netty.bootstrap.Bootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFactory;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.EventLoop;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.HttpClientCodec;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.resolver.dns.DnsNameResolver;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.FutureListener;
import io.netty.util.concurrent.GenericFutureListener;
import io.netty.util.concurrent.Promise;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Vector;
import nf.AbstractC1850s;
import nf.AbstractC1853v;
import nf.AbstractC1857z;
import nf.C;
import nf.C1842m0;
import nf.C1852u;
import nf.InterfaceC1827f;
import onnotv.C1943f;
import rg.C2206c;
import rg.d;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public final class OcspClient {
    private static final int OCSP_RESPONSE_MAX_SIZE;
    private static final SecureRandom SECURE_RANDOM;
    private static final InternalLogger logger;

    /* loaded from: classes3.dex */
    public static final class Initializer extends ChannelInitializer<SocketChannel> {
        private final Promise<f> responsePromise;

        public Initializer(Promise<f> promise) {
            this.responsePromise = (Promise) ObjectUtil.checkNotNull(promise, C1943f.a(39093));
        }

        @Override // io.netty.channel.ChannelInitializer
        public void initChannel(SocketChannel socketChannel) {
            ChannelPipeline pipeline = socketChannel.pipeline();
            pipeline.addLast(new HttpClientCodec());
            pipeline.addLast(new HttpObjectAggregator(OcspClient.OCSP_RESPONSE_MAX_SIZE));
            pipeline.addLast(new OcspHttpHandler(this.responsePromise));
        }
    }

    static {
        InternalLogger internalLoggerFactory = InternalLoggerFactory.getInstance((Class<?>) OcspClient.class);
        logger = internalLoggerFactory;
        SECURE_RANDOM = new SecureRandom();
        int i6 = SystemPropertyUtil.getInt(C1943f.a(6224), Task.EXTRAS_LIMIT_BYTES);
        OCSP_RESPONSE_MAX_SIZE = i6;
        internalLoggerFactory.debug(C1943f.a(6225), Integer.valueOf(i6));
    }

    private OcspClient() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r2v3, types: [If.g, nf.s] */
    /* JADX WARN: Type inference failed for: r8v2, types: [If.a, nf.s] */
    public static String parseOcspUrlFromCertificate(X509Certificate x509Certificate) {
        o j9;
        C0531a c0531a;
        try {
            p pVar = i.j(x509Certificate.getEncoded()).f3135b.f3092l;
            g gVar = null;
            AbstractC1857z j10 = (pVar == null || (j9 = pVar.j(o.f3160j)) == null) ? null : j9.j();
            if (j10 instanceof g) {
                gVar = (g) j10;
            } else if (j10 != null) {
                C v = C.v(j10);
                ?? abstractC1850s = new AbstractC1850s();
                if (v.size() < 1) {
                    throw new IllegalArgumentException(C1943f.a(6227));
                }
                abstractC1850s.f3130a = new C0531a[v.size()];
                for (int i6 = 0; i6 != v.size(); i6++) {
                    C0531a[] c0531aArr = abstractC1850s.f3130a;
                    InterfaceC1827f y = v.y(i6);
                    int i10 = C0531a.f3111c;
                    if (y instanceof C0531a) {
                        c0531a = (C0531a) y;
                    } else if (y != null) {
                        C v2 = C.v(y);
                        ?? abstractC1850s2 = new AbstractC1850s();
                        abstractC1850s2.f3112a = null;
                        abstractC1850s2.f3113b = null;
                        if (v2.size() != 2) {
                            throw new IllegalArgumentException(C1943f.a(6226));
                        }
                        abstractC1850s2.f3112a = C1852u.y(v2.y(0));
                        abstractC1850s2.f3113b = r.j(v2.y(1));
                        c0531a = abstractC1850s2;
                    } else {
                        c0531a = null;
                    }
                    c0531aArr[i6] = c0531a;
                }
                gVar = abstractC1850s;
            }
            C0531a[] c0531aArr2 = gVar.f3130a;
            int length = c0531aArr2.length;
            C0531a[] c0531aArr3 = new C0531a[length];
            System.arraycopy(c0531aArr2, 0, c0531aArr3, 0, c0531aArr2.length);
            for (int i11 = 0; i11 < length; i11++) {
                C0531a c0531a2 = c0531aArr3[i11];
                if (c0531a2.f3112a.o(E.f3110e)) {
                    return c0531a2.f3113b.f3173a.b().toString();
                }
            }
            throw new NullPointerException(C1943f.a(6228));
        } catch (CertificateEncodingException e10) {
            throw new IllegalArgumentException(C1943f.a(6229), e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Promise<f> query(EventLoop eventLoop, final ByteBuf byteBuf, final String str, final int i6, final String str2, IoTransport ioTransport, DnsNameResolver dnsNameResolver) {
        final Promise<f> newPromise = eventLoop.newPromise();
        try {
            Bootstrap group = new Bootstrap().group(ioTransport.eventLoop());
            ChannelOption<Boolean> channelOption = ChannelOption.TCP_NODELAY;
            Boolean bool = Boolean.TRUE;
            final Bootstrap handler = group.option(channelOption, bool).channelFactory((ChannelFactory) ioTransport.socketChannel()).attr(OcspServerCertificateValidator.OCSP_PIPELINE_ATTRIBUTE, bool).handler(new Initializer(newPromise));
            dnsNameResolver.resolve(str).addListener(new FutureListener<InetAddress>() { // from class: io.netty.handler.ssl.ocsp.OcspClient.2
                @Override // io.netty.util.concurrent.GenericFutureListener
                public void operationComplete(Future<InetAddress> future) throws Exception {
                    if (!future.isSuccess()) {
                        newPromise.tryFailure(future.cause());
                        return;
                    }
                    final ChannelFuture connect = Bootstrap.this.connect(future.get(), i6);
                    connect.addListener((GenericFutureListener<? extends Future<? super Void>>) new ChannelFutureListener() { // from class: io.netty.handler.ssl.ocsp.OcspClient.2.1
                        @Override // io.netty.util.concurrent.GenericFutureListener
                        public void operationComplete(ChannelFuture channelFuture) {
                            if (!channelFuture.isSuccess()) {
                                newPromise.tryFailure(new IllegalStateException(C1943f.a(4257), channelFuture.cause()));
                                return;
                            }
                            HttpVersion httpVersion = HttpVersion.HTTP_1_1;
                            HttpMethod httpMethod = HttpMethod.POST;
                            AnonymousClass2 anonymousClass2 = AnonymousClass2.this;
                            DefaultFullHttpRequest defaultFullHttpRequest = new DefaultFullHttpRequest(httpVersion, httpMethod, str2, byteBuf);
                            defaultFullHttpRequest.headers().add(HttpHeaderNames.HOST, str);
                            defaultFullHttpRequest.headers().add(HttpHeaderNames.USER_AGENT, C1943f.a(4254));
                            defaultFullHttpRequest.headers().add(HttpHeaderNames.CONTENT_TYPE, C1943f.a(4255));
                            defaultFullHttpRequest.headers().add(HttpHeaderNames.ACCEPT_ENCODING, C1943f.a(4256));
                            defaultFullHttpRequest.headers().add(HttpHeaderNames.CONTENT_LENGTH, Integer.valueOf(byteBuf.readableBytes()));
                            connect.channel().writeAndFlush(defaultFullHttpRequest);
                        }
                    });
                }
            });
        } catch (Exception e10) {
            newPromise.tryFailure(e10);
        }
        return newPromise;
    }

    public static Promise<a> query(final X509Certificate x509Certificate, final X509Certificate x509Certificate2, final boolean z, final IoTransport ioTransport, final DnsNameResolver dnsNameResolver) {
        final EventLoop eventLoop = ioTransport.eventLoop();
        final Promise<a> newPromise = eventLoop.newPromise();
        eventLoop.execute(new Runnable() { // from class: io.netty.handler.ssl.ocsp.OcspClient.1
            /* JADX WARN: Type inference failed for: r1v5, types: [If.p, nf.s] */
            /* JADX WARN: Type inference failed for: r2v5, types: [Mf.e, java.lang.Object] */
            /* JADX WARN: Type inference failed for: r3v0, types: [ig.a, java.lang.Object] */
            /* JADX WARN: Type inference failed for: r3v7, types: [nf.v, nf.m0] */
            /* JADX WARN: Type inference failed for: r4v1, types: [java.io.OutputStream, rg.f$a] */
            /* JADX WARN: Type inference failed for: r5v0, types: [Mf.e$a, java.lang.Object] */
            @Override // java.lang.Runnable
            public void run() {
                try {
                    rg.g gVar = new rg.g(new Object());
                    C0532b c0532b = b.f4430b;
                    try {
                        MessageDigest a10 = gVar.a(c0532b);
                        ?? outputStream = new OutputStream();
                        outputStream.f24189a = a10;
                        b bVar = new b(new d(c0532b, outputStream), new Lf.d(x509Certificate2), x509Certificate.getSerialNumber());
                        ?? obj = new Object();
                        ArrayList arrayList = new ArrayList();
                        obj.f4433a = arrayList;
                        obj.f4434b = null;
                        ?? obj2 = new Object();
                        obj2.f4435a = bVar;
                        obj2.f4436b = null;
                        arrayList.add(obj2);
                        byte[] bArr = new byte[16];
                        OcspClient.SECURE_RANDOM.nextBytes(bArr);
                        final ?? abstractC1853v = new AbstractC1853v(bArr);
                        o oVar = new o(Af.d.f103b, false, abstractC1853v);
                        ?? abstractC1850s = new AbstractC1850s();
                        Hashtable hashtable = new Hashtable();
                        abstractC1850s.f3168a = hashtable;
                        Vector vector = new Vector();
                        abstractC1850s.f3169b = vector;
                        vector.addElement(oVar.f3165a);
                        hashtable.put(oVar.f3165a, oVar);
                        obj.f4434b = abstractC1850s;
                        URL url = new URL(OcspClient.parseOcspUrlFromCertificate(x509Certificate));
                        int port = url.getPort();
                        if (port == -1) {
                            port = url.getDefaultPort();
                        }
                        int i6 = port;
                        String path = url.getPath();
                        if (path.isEmpty()) {
                            path = C1943f.a(11982);
                        } else if (url.getQuery() != null) {
                            path = path + '?' + url.getQuery();
                        }
                        OcspClient.query(eventLoop, Unpooled.wrappedBuffer(((e) obj.a().f2225a).getEncoded()), url.getHost(), i6, path, ioTransport, dnsNameResolver).addListener((GenericFutureListener) new GenericFutureListener<Future<f>>() { // from class: io.netty.handler.ssl.ocsp.OcspClient.1.1
                            /* JADX WARN: Type inference failed for: r1v6, types: [Mf.a, java.lang.Object] */
                            @Override // io.netty.util.concurrent.GenericFutureListener
                            public void operationComplete(Future<f> future) throws Exception {
                                Object obj3;
                                if (!future.isSuccess()) {
                                    newPromise.tryFailure(future.cause());
                                    return;
                                }
                                j jVar = future.get().f4437a.f106b;
                                if (jVar == null) {
                                    obj3 = null;
                                } else {
                                    boolean o9 = jVar.f111a.o(Af.d.f102a);
                                    AbstractC1853v abstractC1853v2 = jVar.f112b;
                                    obj3 = abstractC1853v2;
                                    if (o9) {
                                        try {
                                            Af.a j9 = Af.a.j(AbstractC1857z.p(abstractC1853v2.f22001a));
                                            ?? obj4 = new Object();
                                            obj4.f4427a = j9;
                                            k kVar = j9.f92a;
                                            obj4.f4428b = kVar;
                                            obj4.f4429c = p.k(kVar.f119f);
                                            obj3 = obj4;
                                        } catch (Exception e10) {
                                            throw new Mf.d(C1943f.a(378) + e10, e10);
                                        }
                                    }
                                }
                                AnonymousClass1 anonymousClass1 = AnonymousClass1.this;
                                OcspClient.validateResponse(newPromise, (a) obj3, abstractC1853v, x509Certificate2, z);
                            }
                        });
                    } catch (GeneralSecurityException e10) {
                        throw new qg.g(C1943f.a(11983) + e10, e10);
                    }
                } catch (Exception e11) {
                    newPromise.tryFailure(e11);
                }
            }
        });
        return newPromise;
    }

    private static void validateNonce(a aVar, C1842m0 c1842m0) throws Mf.d {
        C1852u c1852u = Af.d.f103b;
        p pVar = aVar.f4429c;
        o j9 = pVar != null ? pVar.j(c1852u) : null;
        if (j9 == null) {
            throw new IllegalArgumentException(C1943f.a(6231));
        }
        if (!((C1842m0) j9.f3167c).o(c1842m0)) {
            throw new Exception(C1943f.a(6230));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validateResponse(Promise<a> promise, a aVar, C1842m0 c1842m0, X509Certificate x509Certificate, boolean z) {
        String a10 = C1943f.a(6232);
        try {
            int length = aVar.a().length;
            if (length != 1) {
                throw new IllegalArgumentException(a10 + length);
            }
            if (z) {
                validateNonce(aVar, c1842m0);
            }
            validateSignature(aVar, x509Certificate);
            promise.trySuccess(aVar);
        } catch (Exception e10) {
            promise.tryFailure(e10);
        }
    }

    private static void validateSignature(a aVar, X509Certificate x509Certificate) throws Mf.d {
        try {
            if (aVar.b(new C2206c().a(x509Certificate))) {
            } else {
                throw new Exception(C1943f.a(6233));
            }
        } catch (qg.g e10) {
            throw new Mf.d(C1943f.a(6234), e10);
        }
    }
}
