package org.bouncycastle.jce.provider;

import defpackage.C0227;
import defpackage.C0253;
import defpackage.C0280;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.isara.IsaraObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.ResponderID;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStrictStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.internal.asn1.bsi.BSIObjectIdentifiers;
import org.bouncycastle.internal.asn1.eac.EACObjectIdentifiers;
import org.bouncycastle.jcajce.PKIXCertRevocationChecker;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.MessageDigestUtils;
import org.bouncycastle.util.Properties;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class ProvOcspRevocationChecker implements PKIXCertRevocationChecker {

    /* renamed from: ㄳ, reason: contains not printable characters */
    public static final HashMap f42935;

    /* renamed from: ޝ, reason: contains not printable characters */
    public PKIXCertRevocationCheckerParameters f42936;

    /* renamed from: ጧ, reason: contains not printable characters */
    public String f42937;

    /* renamed from: ᔽ, reason: contains not printable characters */
    public final JcaJceHelper f42938;

    /* renamed from: 㙈, reason: contains not printable characters */
    public final ProvRevocationChecker f42939;

    /* renamed from: 䎘, reason: contains not printable characters */
    public boolean f42940;

    static {
        HashMap hashMap = new HashMap();
        f42935 = hashMap;
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f39758, "SHA224WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f39725, "SHA256WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f39734, "SHA384WITHRSA");
        hashMap.put(PKCSObjectIdentifiers.f39732, "SHA512WITHRSA");
        hashMap.put(CryptoProObjectIdentifiers.f39411, "GOST3411WITHGOST3410");
        hashMap.put(CryptoProObjectIdentifiers.f39396, "GOST3411WITHECGOST3410");
        hashMap.put(RosstandartObjectIdentifiers.f39854, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(RosstandartObjectIdentifiers.f39845, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(BSIObjectIdentifiers.f42089, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f42096, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f42088, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f42095, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f42092, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(BSIObjectIdentifiers.f42098, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(EACObjectIdentifiers.f42109, "SHA1WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f42112, "SHA224WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f42108, "SHA256WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f42111, "SHA384WITHCVC-ECDSA");
        hashMap.put(EACObjectIdentifiers.f42110, "SHA512WITHCVC-ECDSA");
        hashMap.put(IsaraObjectIdentifiers.f39507, "XMSS");
        hashMap.put(IsaraObjectIdentifiers.f39508, "XMSSMT");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(X9ObjectIdentifiers.f40366, "SHA1WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.f40357, "SHA224WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.f40362, "SHA256WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.f40361, "SHA384WITHECDSA");
        hashMap.put(X9ObjectIdentifiers.f40345, "SHA512WITHECDSA");
        hashMap.put(OIWObjectIdentifiers.f39684, "SHA1WITHRSA");
        hashMap.put(OIWObjectIdentifiers.f39678, "SHA1WITHDSA");
        hashMap.put(NISTObjectIdentifiers.f39588, "SHA224WITHDSA");
        hashMap.put(NISTObjectIdentifiers.f39582, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, JcaJceHelper jcaJceHelper) {
        this.f42939 = provRevocationChecker;
        this.f42938 = jcaJceHelper;
    }

    /* renamed from: ፉ, reason: contains not printable characters */
    public static boolean m21137(BasicOCSPResponse basicOCSPResponse, PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, byte[] bArr, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        try {
            ASN1Sequence aSN1Sequence = basicOCSPResponse.f39638;
            Signature mo21071 = jcaJceHelper.mo21071(m21138(basicOCSPResponse.f39636));
            X509Certificate m21141 = m21141(basicOCSPResponse, pKIXCertRevocationCheckerParameters.f42149, x509Certificate, jcaJceHelper);
            if (m21141 == null && aSN1Sequence == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (m21141 != null) {
                mo21071.initVerify(m21141.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) jcaJceHelper.mo21077("X.509").generateCertificate(new ByteArrayInputStream(aSN1Sequence.mo19818(0).mo19729().getEncoded()));
                x509Certificate2.verify(pKIXCertRevocationCheckerParameters.f42149.getPublicKey());
                x509Certificate2.checkValidity(pKIXCertRevocationCheckerParameters.m20812());
                if (!m21140(basicOCSPResponse.f39637.f39658, x509Certificate2, jcaJceHelper)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, pKIXCertRevocationCheckerParameters.f42147, pKIXCertRevocationCheckerParameters.f42150);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(KeyPurposeId.f40177.f40181.f39182)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, pKIXCertRevocationCheckerParameters.f42147, pKIXCertRevocationCheckerParameters.f42150);
                }
                mo21071.initVerify(x509Certificate2);
            }
            mo21071.update(basicOCSPResponse.f39637.m19777("DER"));
            if (!mo21071.verify(basicOCSPResponse.f39635.m19718())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, basicOCSPResponse.f39637.f39661.m19997(OCSPObjectIdentifiers.f39646).f40149.f39187)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, pKIXCertRevocationCheckerParameters.f42147, pKIXCertRevocationCheckerParameters.f42150);
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C0227.m22826(e, C0280.m22881("OCSP response failure: ")), e, pKIXCertRevocationCheckerParameters.f42147, pKIXCertRevocationCheckerParameters.f42150);
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            StringBuilder m22881 = C0280.m22881("OCSP response failure: ");
            m22881.append(e3.getMessage());
            throw new CertPathValidatorException(m22881.toString(), e3, pKIXCertRevocationCheckerParameters.f42147, pKIXCertRevocationCheckerParameters.f42150);
        }
    }

    /* renamed from: 㮳, reason: contains not printable characters */
    public static String m21138(AlgorithmIdentifier algorithmIdentifier) {
        ASN1Encodable aSN1Encodable = algorithmIdentifier.f40071;
        if (aSN1Encodable == null || DERNull.f39251.m19804(aSN1Encodable) || !algorithmIdentifier.f40072.m19805(PKCSObjectIdentifiers.f39772)) {
            HashMap hashMap = f42935;
            return hashMap.containsKey(algorithmIdentifier.f40072) ? (String) hashMap.get(algorithmIdentifier.f40072) : algorithmIdentifier.f40072.f39182;
        }
        RSASSAPSSparams m19921 = RSASSAPSSparams.m19921(aSN1Encodable);
        StringBuilder sb = new StringBuilder();
        String m21078 = MessageDigestUtils.m21078(m19921.f39831.f40072);
        int indexOf = m21078.indexOf(45);
        if (indexOf > 0 && !m21078.startsWith("SHA3")) {
            m21078 = m21078.substring(0, indexOf) + m21078.substring(indexOf + 1);
        }
        return C0253.m22871(sb, m21078, "WITHRSAANDMGF1");
    }

    /* renamed from: 㴯, reason: contains not printable characters */
    public static byte[] m21139(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(SubjectPublicKeyInfo.m20027(publicKey.getEncoded()).f40208.m19718());
    }

    /* renamed from: 㷻, reason: contains not printable characters */
    public static boolean m21140(ResponderID responderID, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = responderID.f39654;
        boolean z = aSN1Object instanceof ASN1OctetString;
        byte[] bArr = z ? ((ASN1OctetString) aSN1Object).f39187 : null;
        if (bArr != null) {
            return Arrays.equals(bArr, m21139(jcaJceHelper.mo21075("SHA1"), x509Certificate.getPublicKey()));
        }
        BCStrictStyle bCStrictStyle = BCStrictStyle.f40041;
        return X500Name.m19949(bCStrictStyle, z ? null : X500Name.m19950(aSN1Object)).equals(X500Name.m19949(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /* renamed from: 㹉, reason: contains not printable characters */
    public static X509Certificate m21141(BasicOCSPResponse basicOCSPResponse, X509Certificate x509Certificate, X509Certificate x509Certificate2, JcaJceHelper jcaJceHelper) {
        ASN1Object aSN1Object = basicOCSPResponse.f39637.f39658.f39654;
        boolean z = aSN1Object instanceof ASN1OctetString;
        byte[] bArr = z ? ((ASN1OctetString) aSN1Object).f39187 : null;
        if (bArr != null) {
            MessageDigest mo21075 = jcaJceHelper.mo21075("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, m21139(mo21075, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, m21139(mo21075, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            BCStrictStyle bCStrictStyle = BCStrictStyle.f40041;
            X500Name m19949 = X500Name.m19949(bCStrictStyle, z ? null : X500Name.m19950(aSN1Object));
            if (x509Certificate2 != null && m19949.equals(X500Name.m19949(bCStrictStyle, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && m19949.equals(X500Name.m19949(bCStrictStyle, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    /* JADX WARN: Code restructure failed: missing block: B:108:0x03fd, code lost:
    
        if (r2.f39641.equals(r4.f39669.f39641) != false) goto L161;
     */
    /* JADX WARN: Code restructure failed: missing block: B:175:0x0245, code lost:
    
        r15 = r6;
        r11 = org.bouncycastle.asn1.ocsp.OCSPResponse.m19895(r8.toByteArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:177:0x0256, code lost:
    
        if (r11.f39650.f39651.m19738() != 0) goto L112;
     */
    /* JADX WARN: Code restructure failed: missing block: B:178:0x0258, code lost:
    
        r1 = org.bouncycastle.asn1.ocsp.ResponseBytes.m19896(r11.f39649);
     */
    /* JADX WARN: Code restructure failed: missing block: B:179:0x0266, code lost:
    
        if (r1.f39656.m19805(org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers.f39645) == false) goto L96;
     */
    /* JADX WARN: Code restructure failed: missing block: B:180:0x027c, code lost:
    
        r5 = r15;
        r1 = false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:181:0x027e, code lost:
    
        if (r1 == false) goto L109;
     */
    /* JADX WARN: Code restructure failed: missing block: B:182:0x0280, code lost:
    
        r1 = org.bouncycastle.jce.provider.OcspCache.f42907.get(r3);
     */
    /* JADX WARN: Code restructure failed: missing block: B:183:0x0288, code lost:
    
        if (r1 == null) goto L101;
     */
    /* JADX WARN: Code restructure failed: missing block: B:184:0x028a, code lost:
    
        r1.get().put(r4, r11);
     */
    /* JADX WARN: Code restructure failed: missing block: B:185:0x0294, code lost:
    
        r1 = new java.util.HashMap();
        r1.put(r4, r11);
        org.bouncycastle.jce.provider.OcspCache.f42907.put(r3, new java.lang.ref.WeakReference<>(r1));
     */
    /* JADX WARN: Code restructure failed: missing block: B:188:0x02d5, code lost:
    
        throw new java.security.cert.CertPathValidatorException("OCSP response failed to validate", null, r5.f42147, r5.f42150);
     */
    /* JADX WARN: Code restructure failed: missing block: B:191:0x0270, code lost:
    
        r5 = r15;
     */
    /* JADX WARN: Code restructure failed: missing block: B:193:0x0271, code lost:
    
        r1 = m21137(org.bouncycastle.asn1.ocsp.BasicOCSPResponse.m19894(r1.f39655.f39187), r5, r13, r7, r9);
        r5 = r5;
     */
    /* JADX WARN: Code restructure failed: missing block: B:194:0x02c5, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:197:0x0276, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:198:0x0277, code lost:
    
        r5 = r15;
     */
    /* JADX WARN: Code restructure failed: missing block: B:200:0x02fc, code lost:
    
        throw new java.security.cert.CertPathValidatorException("OCSP responder failed: " + r11.f39650.f39651.m19737(), null, r15.f42147, r15.f42150);
     */
    /* JADX WARN: Code restructure failed: missing block: B:201:0x02fd, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x014d, code lost:
    
        if (r11 != null) goto L196;
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v28, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r3v24, types: [byte[], java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v15 */
    /* JADX WARN: Type inference failed for: r5v16, types: [org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters] */
    /* JADX WARN: Type inference failed for: r5v26 */
    /* JADX WARN: Type inference failed for: r5v27, types: [int] */
    /* JADX WARN: Type inference failed for: r5v31 */
    /* JADX WARN: Type inference failed for: r5v32 */
    /* JADX WARN: Type inference failed for: r5v33, types: [org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters] */
    /* JADX WARN: Type inference failed for: r5v37 */
    /* JADX WARN: Type inference failed for: r5v38 */
    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void check(java.security.cert.Certificate r23) {
        /*
            Method dump skipped, instructions count: 1206
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    /* renamed from: ά, reason: contains not printable characters */
    public final CertID m21142(AlgorithmIdentifier algorithmIdentifier, Certificate certificate, ASN1Integer aSN1Integer) {
        try {
            MessageDigest mo21075 = this.f42938.mo21075(MessageDigestUtils.m21078(algorithmIdentifier.f40072));
            return new CertID(algorithmIdentifier, new DEROctetString(mo21075.digest(certificate.f40103.f40221.m19777("DER"))), new DEROctetString(mo21075.digest(certificate.f40103.f40229.f40208.m19718())), aSN1Integer);
        } catch (Exception e) {
            throw new CertPathValidatorException("problem creating ID: " + e, e);
        }
    }

    @Override // org.bouncycastle.jcajce.PKIXCertRevocationChecker
    /* renamed from: Ⰳ */
    public final void mo20811(PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters) {
        this.f42936 = pKIXCertRevocationCheckerParameters;
        this.f42940 = Properties.m22289("ocsp.enable");
        this.f42937 = Properties.m22287("ocsp.responderURL");
    }

    /* renamed from: 㴎, reason: contains not printable characters */
    public final Certificate m21143() {
        try {
            return Certificate.m19980(this.f42936.f42149.getEncoded());
        } catch (Exception e) {
            String m22872 = C0253.m22872(e, C0280.m22881("cannot process signing cert: "));
            PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters = this.f42936;
            throw new CertPathValidatorException(m22872, e, pKIXCertRevocationCheckerParameters.f42147, pKIXCertRevocationCheckerParameters.f42150);
        }
    }
}
