package org.bouncycastle.jce.provider;

import android.support.v4.media.a;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.ref.WeakReference;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.CertID;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPRequest;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.ocsp.Request;
import org.bouncycastle.asn1.ocsp.ResponseBytes;
import org.bouncycastle.asn1.ocsp.ResponseData;
import org.bouncycastle.asn1.ocsp.SingleResponse;
import org.bouncycastle.asn1.ocsp.TBSRequest;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.io.StreamOverflowException;

/* loaded from: classes3.dex */
class OcspCache {
    private static final int DEFAULT_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_TIMEOUT = 15000;
    private static Map<URI, WeakReference<Map<CertID, OCSPResponse>>> cache = Collections.synchronizedMap(new WeakHashMap());

    /* JADX WARN: Multi-variable type inference failed */
    public static OCSPResponse getOcspResponse(CertID certID, PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, URI uri, X509Certificate x509Certificate, List<Extension> list, JcaJceHelper jcaJceHelper) {
        OCSPResponse oCSPResponse;
        ASN1GeneralizedTime aSN1GeneralizedTime;
        WeakReference<Map<CertID, OCSPResponse>> weakReference = cache.get(uri);
        Map<CertID, OCSPResponse> map = weakReference != null ? weakReference.get() : null;
        boolean z5 = false;
        if (map != null && (oCSPResponse = map.get(certID)) != null) {
            ASN1Sequence aSN1Sequence = ResponseData.l(BasicOCSPResponse.l(ASN1OctetString.v(oCSPResponse.b.b).f28854a).f29042a).f29060e;
            for (int i6 = 0; i6 != aSN1Sequence.size(); i6++) {
                ASN1Encodable y = aSN1Sequence.y(i6);
                SingleResponse singleResponse = y instanceof SingleResponse ? (SingleResponse) y : y != null ? new SingleResponse(ASN1Sequence.v(y)) : null;
                if (certID.equals(singleResponse.f29063a) && (aSN1GeneralizedTime = singleResponse.f29065d) != null) {
                    try {
                        pKIXCertRevocationCheckerParameters.getClass();
                    } catch (ParseException unused) {
                        map.remove(certID);
                    }
                    if (new Date(pKIXCertRevocationCheckerParameters.b.getTime()).after(aSN1GeneralizedTime.y())) {
                        map.remove(certID);
                        oCSPResponse = null;
                    }
                }
            }
            if (oCSPResponse != null) {
                return oCSPResponse;
            }
        }
        try {
            URL url = uri.toURL();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.a(new Request(certID));
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            byte[] bArr = null;
            for (int i7 = 0; i7 != list.size(); i7++) {
                Extension extension = list.get(i7);
                byte[] value = extension.getValue();
                if (OCSPObjectIdentifiers.b.f28852a.equals(extension.getId())) {
                    bArr = value;
                }
                aSN1EncodableVector2.a(new org.bouncycastle.asn1.x509.Extension(new ASN1ObjectIdentifier(extension.getId()), extension.isCritical(), value));
            }
            try {
                byte[] encoded = new OCSPRequest(new TBSRequest(new DERSequence(aSN1EncodableVector), Extensions.m(new DERSequence(aSN1EncodableVector2)))).getEncoded();
                HttpURLConnection httpURLConnection = (HttpURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(url.openConnection()));
                httpURLConnection.setConnectTimeout(15000);
                httpURLConnection.setReadTimeout(15000);
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setDoInput(true);
                httpURLConnection.setRequestMethod("POST");
                httpURLConnection.setRequestProperty("Content-type", "application/ocsp-request");
                httpURLConnection.setRequestProperty("Content-length", String.valueOf(encoded.length));
                OutputStream outputStream = httpURLConnection.getOutputStream();
                outputStream.write(encoded);
                outputStream.flush();
                InputStream inputStream = httpURLConnection.getInputStream();
                int contentLength = httpURLConnection.getContentLength();
                if (contentLength < 0) {
                    contentLength = 32768;
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                long j = contentLength;
                int i8 = 4096;
                byte[] bArr2 = new byte[4096];
                long j2 = 0;
                while (true) {
                    int read = inputStream.read(bArr2, z5 ? 1 : 0, i8);
                    if (read < 0) {
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        OCSPResponse oCSPResponse2 = byteArray instanceof OCSPResponse ? (OCSPResponse) byteArray : byteArray != 0 ? new OCSPResponse(ASN1Sequence.v(byteArray)) : null;
                        if (oCSPResponse2.f29051a.f29052a.x() != 0) {
                            StringBuilder sb = new StringBuilder();
                            sb.append("OCSP responder failed: ");
                            ASN1Enumerated aSN1Enumerated = oCSPResponse2.f29051a.f29052a;
                            aSN1Enumerated.getClass();
                            sb.append(new BigInteger(aSN1Enumerated.f28841a));
                            throw new CertPathValidatorException(sb.toString(), null, pKIXCertRevocationCheckerParameters.f30330c, pKIXCertRevocationCheckerParameters.f30331d);
                        }
                        ResponseBytes l = ResponseBytes.l(oCSPResponse2.b);
                        if (l.f29055a.q(OCSPObjectIdentifiers.f29049a)) {
                            z5 = ProvOcspRevocationChecker.validatedOcspResponse(BasicOCSPResponse.l(l.b.f28854a), pKIXCertRevocationCheckerParameters, bArr, x509Certificate, jcaJceHelper);
                        }
                        if (!z5) {
                            throw new CertPathValidatorException("OCSP response failed to validate", null, pKIXCertRevocationCheckerParameters.f30330c, pKIXCertRevocationCheckerParameters.f30331d);
                        }
                        WeakReference<Map<CertID, OCSPResponse>> weakReference2 = cache.get(uri);
                        if (weakReference2 != null) {
                            weakReference2.get().put(certID, oCSPResponse2);
                        } else {
                            HashMap hashMap = new HashMap();
                            hashMap.put(certID, oCSPResponse2);
                            cache.put(uri, new WeakReference<>(hashMap));
                        }
                        return oCSPResponse2;
                    }
                    InputStream inputStream2 = inputStream;
                    long j6 = read;
                    if (j - j2 < j6) {
                        throw new StreamOverflowException();
                    }
                    j2 += j6;
                    z5 = false;
                    byteArrayOutputStream.write(bArr2, 0, read);
                    i8 = 4096;
                    inputStream = inputStream2;
                }
            } catch (IOException e6) {
                throw new CertPathValidatorException(a.i(e6, a.s("configuration error: ")), e6, pKIXCertRevocationCheckerParameters.f30330c, pKIXCertRevocationCheckerParameters.f30331d);
            }
        } catch (MalformedURLException e7) {
            StringBuilder s = a.s("configuration error: ");
            s.append(e7.getMessage());
            throw new CertPathValidatorException(s.toString(), e7, pKIXCertRevocationCheckerParameters.f30330c, pKIXCertRevocationCheckerParameters.f30331d);
        }
    }
}
