package org.bouncycastle.jce.provider;

import de.aflx.sardine.impl.ntlm.C5738;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p094.C8088;
import p094.C8089;
import p094.C8097;
import p094.InterfaceC8092;
import p108.C8483;
import p108.InterfaceC8481;
import p1121.InterfaceC32640;
import p1193.InterfaceC34606;
import p1251.InterfaceC35436;
import p1293.C36452;
import p1293.InterfaceC36444;
import p1338.C37299;
import p1392.C38040;
import p145.C8828;
import p145.C8829;
import p145.C8837;
import p145.C8844;
import p145.C8854;
import p145.C8858;
import p145.C8866;
import p145.C8887;
import p1466.C39082;
import p460.InterfaceC15348;
import p514.C16269;
import p551.C16861;
import p551.InterfaceC16863;
import p605.InterfaceC17638;
import p609.InterfaceC17677;
import p616.C17712;
import p623.InterfaceC17834;
import p684.InterfaceC19318;
import p742.C20755;
import p742.InterfaceC20754;
import p825.C25421;
import p841.AbstractC25645;
import p841.AbstractC25655;
import p841.C25633;
import p841.C25642;
import p841.C25715;
import p841.InterfaceC25614;
import p841.InterfaceC25616;
import p841.InterfaceC25666;
import p944.C28373;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class ProvOcspRevocationChecker implements InterfaceC20754 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC8481 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C20755 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C25642("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(InterfaceC36444.f105064, "SHA224WITHRSA");
        hashMap.put(InterfaceC36444.f105006, "SHA256WITHRSA");
        hashMap.put(InterfaceC36444.f104983, "SHA384WITHRSA");
        hashMap.put(InterfaceC36444.f104981, "SHA512WITHRSA");
        hashMap.put(InterfaceC35436.f102466, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC35436.f102467, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC17638.f55952, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC17638.f55953, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC17834.f56407, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC17834.f56408, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC17834.f56409, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC17834.f56410, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC17834.f56411, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC17834.f56412, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC34606.f98562, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC34606.f98563, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC34606.f98564, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC34606.f98565, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC34606.f98566, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC15348.f49393, "XMSS");
        hashMap.put(InterfaceC15348.f49394, "XMSSMT");
        hashMap.put(new C25642("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C25642("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C25642("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC32640.f93422, "SHA1WITHECDSA");
        hashMap.put(InterfaceC32640.f93455, "SHA224WITHECDSA");
        hashMap.put(InterfaceC32640.f93412, "SHA256WITHECDSA");
        hashMap.put(InterfaceC32640.f93421, "SHA384WITHECDSA");
        hashMap.put(InterfaceC32640.f93438, "SHA512WITHECDSA");
        hashMap.put(InterfaceC17677.f55986, "SHA1WITHRSA");
        hashMap.put(InterfaceC17677.f55985, "SHA1WITHDSA");
        hashMap.put(InterfaceC19318.f60165, "SHA224WITHDSA");
        hashMap.put(InterfaceC19318.f60166, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC8481 interfaceC8481) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC8481;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C8887.m37108(publicKey.getEncoded()).m37113().m91770());
    }

    private C8089 createCertID(C8089 c8089, C8844 c8844, C25633 c25633) throws CertPathValidatorException {
        return createCertID(c8089.m34578(), c8844, c25633);
    }

    private C8089 createCertID(C8829 c8829, C8844 c8844, C25633 c25633) throws CertPathValidatorException {
        try {
            MessageDigest mo35476 = this.helper.mo35476(C8483.m35498(c8829.m36789()));
            return new C8089(c8829, new AbstractC25645(mo35476.digest(c8844.m36859().m91879(InterfaceC25616.f76127))), new AbstractC25645(mo35476.digest(c8844.m36860().m37113().m91770())), c25633);
        } catch (Exception e) {
            throw new CertPathValidatorException(C37299.m129070("problem creating ID: ", e), e);
        }
    }

    private C8844 extractCert() throws CertPathValidatorException {
        try {
            return C8844.m36851(this.parameters.m75695().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C5738.m27983(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m75692(), this.parameters.m75693());
        }
    }

    private static String getDigestName(C25642 c25642) {
        String m35498 = C8483.m35498(c25642);
        int indexOf = m35498.indexOf(45);
        if (indexOf <= 0 || m35498.startsWith("SHA3")) {
            return m35498;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m35498.substring(0, indexOf));
        return C16269.m58297(m35498, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C8854.f31304.m91892());
        if (extensionValue == null) {
            return null;
        }
        C8828[] m36827 = C8837.m36826(AbstractC25645.m91896(extensionValue).m91899()).m36827();
        for (int i = 0; i != m36827.length; i++) {
            C8828 c8828 = m36827[i];
            if (C8828.f31183.m91931(c8828.m36786())) {
                C8858 m36785 = c8828.m36785();
                if (m36785.m36948() == 6) {
                    try {
                        return new URI(((InterfaceC25666) m36785.m36950()).mo60529());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C8829 c8829) {
        InterfaceC25614 m36790 = c8829.m36790();
        if (m36790 != null && !C25715.f76306.m91930(m36790) && c8829.m36789().m91931(InterfaceC36444.f104963)) {
            return C28373.m101433(new StringBuilder(), getDigestName(C36452.m125723(m36790).m125724().m36789()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c8829.m36789());
        C25642 m36789 = c8829.m36789();
        return containsKey ? (String) map.get(m36789) : m36789.m91892();
    }

    private static X509Certificate getSignerCert(C8088 c8088, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC8481 interfaceC8481) throws NoSuchProviderException, NoSuchAlgorithmException {
        C8097 m34617 = c8088.m34575().m34617();
        byte[] m34608 = m34617.m34608();
        if (m34608 != null) {
            MessageDigest mo35476 = interfaceC8481.mo35476("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m34608, calcKeyHash(mo35476, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m34608, calcKeyHash(mo35476, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC16863 interfaceC16863 = C25421.f75711;
        C16861 m60538 = C16861.m60538(interfaceC16863, m34617.m34609());
        if (x509Certificate2 != null && m60538.equals(C16861.m60538(interfaceC16863, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m60538.equals(C16861.m60538(interfaceC16863, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C8097 c8097, X509Certificate x509Certificate, InterfaceC8481 interfaceC8481) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m34608 = c8097.m34608();
        if (m34608 != null) {
            return Arrays.equals(m34608, calcKeyHash(interfaceC8481.mo35476("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC16863 interfaceC16863 = C25421.f75711;
        return C16861.m60538(interfaceC16863, c8097.m34609()).equals(C16861.m60538(interfaceC16863, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C8088 c8088, C20755 c20755, byte[] bArr, X509Certificate x509Certificate, InterfaceC8481 interfaceC8481) throws CertPathValidatorException {
        try {
            AbstractC25655 m34572 = c8088.m34572();
            Signature createSignature = interfaceC8481.createSignature(getSignatureName(c8088.m34574()));
            X509Certificate signerCert = getSignerCert(c8088, c20755.m75695(), x509Certificate, interfaceC8481);
            if (signerCert == null && m34572 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC8481.mo35483("X.509").generateCertificate(new ByteArrayInputStream(m34572.mo91952(0).mo30295().getEncoded()));
                x509Certificate2.verify(c20755.m75695().getPublicKey());
                x509Certificate2.checkValidity(c20755.m75696());
                if (!responderMatches(c8088.m34575().m34617(), x509Certificate2, interfaceC8481)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c20755.m75692(), c20755.m75693());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C8866.f31359.m36994())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c20755.m75692(), c20755.m75693());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c8088.m34575().m91879(InterfaceC25616.f76127));
            if (!createSignature.verify(c8088.m34573().m91770())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c8088.m34575().m34618().m36925(InterfaceC8092.f28689).m36916().m91899())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c20755.m75692(), c20755.m75693());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C39082.m134776(e, new StringBuilder("OCSP response failure: ")), e, c20755.m75692(), c20755.m75693());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C17712.m63058(e3, new StringBuilder("OCSP response failure: ")), e3, c20755.m75692(), c20755.m75693());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m34578().equals(r1.m34635().m34578()) != false) goto L71;
     */
    @Override // p742.InterfaceC20754
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C38040.m131954("ocsp.enable");
        this.ocspURL = C38040.m131952("ocsp.responderURL");
    }

    @Override // p742.InterfaceC20754
    public void initialize(C20755 c20755) {
        this.parameters = c20755;
        this.isEnabledOCSP = C38040.m131954("ocsp.enable");
        this.ocspURL = C38040.m131952("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p742.InterfaceC20754
    public void setParameter(String str, Object obj) {
    }
}
