package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6093;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p113.InterfaceC9213;
import p1201.C37837;
import p1302.C39822;
import p1368.InterfaceC41241;
import p1418.C43410;
import p1418.C43411;
import p1418.C43419;
import p1418.InterfaceC43414;
import p1513.InterfaceC46021;
import p1627.AbstractC48560;
import p1627.AbstractC48570;
import p1627.C48548;
import p1627.C48557;
import p1627.C48630;
import p1627.InterfaceC48529;
import p1627.InterfaceC48581;
import p1701.InterfaceC50628;
import p1703.C50669;
import p1703.InterfaceC50668;
import p1761.C51887;
import p1761.InterfaceC51885;
import p1836.InterfaceC53650;
import p1849.InterfaceC54029;
import p2097.C60191;
import p2138.InterfaceC60869;
import p547.C22239;
import p547.InterfaceC22241;
import p570.InterfaceC22685;
import p604.C23424;
import p701.C25064;
import p708.C25138;
import p708.InterfaceC25130;
import p752.C25950;
import p752.C25951;
import p752.C25959;
import p752.C25966;
import p752.C25978;
import p752.C25982;
import p752.C25990;
import p752.C26011;
import p826.C27485;
import p901.C29354;
import p973.InterfaceC33838;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements InterfaceC50668 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC51885 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C50669 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C48557(InterfaceC33838.f106512), "SHA1WITHRSA");
        hashMap.put(InterfaceC25130.f80244, "SHA224WITHRSA");
        hashMap.put(InterfaceC25130.f80316, "SHA256WITHRSA");
        hashMap.put(InterfaceC25130.f80300, "SHA384WITHRSA");
        hashMap.put(InterfaceC25130.f80322, "SHA512WITHRSA");
        hashMap.put(InterfaceC22685.f73565, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC22685.f73566, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC54029.f170182, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC54029.f170183, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC53650.f167160, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC53650.f167161, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC53650.f167162, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC53650.f167163, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC53650.f167164, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC53650.f167165, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC50628.f156959, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC50628.f156960, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC50628.f156961, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC50628.f156962, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC50628.f156963, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC46021.f146067, "XMSS");
        hashMap.put(InterfaceC46021.f146068, "XMSSMT");
        hashMap.put(new C48557("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C48557("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C48557("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC41241.f132494, "SHA1WITHECDSA");
        hashMap.put(InterfaceC41241.f132475, "SHA224WITHECDSA");
        hashMap.put(InterfaceC41241.f132480, "SHA256WITHECDSA");
        hashMap.put(InterfaceC41241.f132447, "SHA384WITHECDSA");
        hashMap.put(InterfaceC41241.f132498, "SHA512WITHECDSA");
        hashMap.put(InterfaceC60869.f189465, "SHA1WITHRSA");
        hashMap.put(InterfaceC60869.f189464, "SHA1WITHDSA");
        hashMap.put(InterfaceC9213.f42519, "SHA224WITHDSA");
        hashMap.put(InterfaceC9213.f42520, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC51885 interfaceC51885) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC51885;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C26011.m120378(publicKey.getEncoded()).m120383().m182382());
    }

    private C43411 createCertID(C25951 c25951, C25966 c25966, C48548 c48548) throws CertPathValidatorException {
        try {
            MessageDigest mo192031 = this.helper.mo192031(C51887.m192046(c25951.m120046()));
            return new C43411(c25951, new AbstractC48560(mo192031.digest(c25966.m120116().m182491("DER"))), new AbstractC48560(mo192031.digest(c25966.m120117().m120383().m182382())), c48548);
        } catch (Exception e) {
            throw new CertPathValidatorException(C27485.m124472("problem creating ID: ", e), e);
        }
    }

    private C43411 createCertID(C43411 c43411, C25966 c25966, C48548 c48548) throws CertPathValidatorException {
        return createCertID(c43411.m169607(), c25966, c48548);
    }

    private C25966 extractCert() throws CertPathValidatorException {
        try {
            return C25966.m120108(this.parameters.m187836().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C23424.m112359(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m187833(), this.parameters.m187834());
        }
    }

    private static String getDigestName(C48557 c48557) {
        String m192046 = C51887.m192046(c48557);
        int indexOf = m192046.indexOf(45);
        if (indexOf <= 0 || m192046.startsWith("SHA3")) {
            return m192046;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m192046.substring(0, indexOf));
        return C29354.m130076(m192046, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C25978.f82916.m182504());
        if (extensionValue == null) {
            return null;
        }
        C25950[] m120084 = C25959.m120083(AbstractC48560.m182508(extensionValue).m182511()).m120084();
        for (int i2 = 0; i2 != m120084.length; i2++) {
            C25950 c25950 = m120084[i2];
            if (C25950.f82814.m182543(c25950.m120043())) {
                C25982 m120042 = c25950.m120042();
                if (m120042.m120218() == 6) {
                    try {
                        return new URI(((InterfaceC48581) m120042.m120220()).mo108829());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C25951 c25951) {
        InterfaceC48529 m120047 = c25951.m120047();
        if (m120047 != null && !C48630.f153208.m182542(m120047) && c25951.m120046().m182543(InterfaceC25130.f80303)) {
            return C37837.m153118(new StringBuilder(), getDigestName(C25138.m117278(m120047).m117279().m120046()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c25951.m120046());
        C48557 m120046 = c25951.m120046();
        return containsKey ? (String) map.get(m120046) : m120046.m182504();
    }

    private static X509Certificate getSignerCert(C43410 c43410, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC51885 interfaceC51885) throws NoSuchProviderException, NoSuchAlgorithmException {
        C43419 m169646 = c43410.m169604().m169646();
        byte[] m169637 = m169646.m169637();
        if (m169637 != null) {
            MessageDigest mo192031 = interfaceC51885.mo192031("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m169637, calcKeyHash(mo192031, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m169637, calcKeyHash(mo192031, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC22241 interfaceC22241 = C60191.f187111;
        C22239 m108839 = C22239.m108839(interfaceC22241, m169646.m169638());
        if (x509Certificate2 != null && m108839.equals(C22239.m108839(interfaceC22241, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m108839.equals(C22239.m108839(interfaceC22241, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C43419 c43419, X509Certificate x509Certificate, InterfaceC51885 interfaceC51885) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m169637 = c43419.m169637();
        if (m169637 != null) {
            return Arrays.equals(m169637, calcKeyHash(interfaceC51885.mo192031("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC22241 interfaceC22241 = C60191.f187111;
        return C22239.m108839(interfaceC22241, c43419.m169638()).equals(C22239.m108839(interfaceC22241, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C43410 c43410, C50669 c50669, byte[] bArr, X509Certificate x509Certificate, InterfaceC51885 interfaceC51885) throws CertPathValidatorException {
        try {
            AbstractC48570 m169601 = c43410.m169601();
            Signature createSignature = interfaceC51885.createSignature(getSignatureName(c43410.m169603()));
            X509Certificate signerCert = getSignerCert(c43410, c50669.m187836(), x509Certificate, interfaceC51885);
            if (signerCert == null && m169601 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC51885.mo192035("X.509").generateCertificate(new ByteArrayInputStream(m169601.mo182564(0).mo34326().getEncoded()));
                x509Certificate2.verify(c50669.m187836().getPublicKey());
                x509Certificate2.checkValidity(c50669.m187837());
                if (!responderMatches(c43410.m169604().m169646(), x509Certificate2, interfaceC51885)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c50669.m187833(), c50669.m187834());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C25990.f83005.m120264())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c50669.m187833(), c50669.m187834());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c43410.m169604().m182491("DER"));
            if (!createSignature.verify(c43410.m169602().m182382())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c43410.m169604().m169647().m120195(InterfaceC43414.f138588).m120186().m182511())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c50669.m187833(), c50669.m187834());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C25064.m116954(e, new StringBuilder("OCSP response failure: ")), e, c50669.m187833(), c50669.m187834());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6093.m29379(e3, new StringBuilder("OCSP response failure: ")), e3, c50669.m187833(), c50669.m187834());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m169607().equals(r1.m169664().m169607()) != false) goto L71;
     */
    @Override // p1703.InterfaceC50668
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C39822.m160694("ocsp.enable");
        this.ocspURL = C39822.m160692("ocsp.responderURL");
    }

    @Override // p1703.InterfaceC50668
    public void initialize(C50669 c50669) {
        this.parameters = c50669;
        this.isEnabledOCSP = C39822.m160694("ocsp.enable");
        this.ocspURL = C39822.m160692("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p1703.InterfaceC50668
    public void setParameter(String str, Object obj) {
    }
}
