package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.ref.WeakReference;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import ji.j;
import ji.k;
import ji.n;
import ji.o;
import org.bouncycastle.asn1.d0;
import org.bouncycastle.asn1.h;
import org.bouncycastle.asn1.m;
import org.bouncycastle.asn1.v;
import org.bouncycastle.asn1.w;
import org.bouncycastle.asn1.x509.u;
import org.bouncycastle.asn1.y1;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.util.JcaJceHelper;

/* loaded from: classes.dex */
class OcspCache {
    private static final int DEFAULT_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_TIMEOUT = 15000;
    private static Map<URI, WeakReference<Map<ji.b, ji.f>>> cache = Collections.synchronizedMap(new WeakHashMap());

    OcspCache() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ji.f getOcspResponse(ji.b bVar, PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, URI uri, X509Certificate x509Certificate, List<Extension> list, JcaJceHelper jcaJceHelper) {
        ji.f l10;
        byte[] value;
        String id2;
        String id3;
        boolean isCritical;
        ji.f fVar;
        m o10;
        WeakReference<Map<ji.b, ji.f>> weakReference = cache.get(uri);
        Map<ji.b, ji.f> map = weakReference != null ? weakReference.get() : null;
        boolean z10 = false;
        if (map != null && (fVar = map.get(bVar)) != null) {
            d0 o11 = k.l(ji.a.m(w.v(fVar.m().n()).y()).n()).o();
            for (int i10 = 0; i10 != o11.size(); i10++) {
                n n10 = n.n(o11.z(i10));
                if (bVar.equals(n10.l()) && (o10 = n10.o()) != null) {
                    try {
                    } catch (ParseException unused) {
                        map.remove(bVar);
                    }
                    if (pKIXCertRevocationCheckerParameters.getValidDate().after(o10.z())) {
                        map.remove(bVar);
                        fVar = null;
                    }
                }
            }
            if (fVar != null) {
                return fVar;
            }
        }
        try {
            URL url = uri.toURL();
            h hVar = new h();
            hVar.a(new ji.h(bVar, null));
            h hVar2 = new h();
            byte[] bArr = null;
            for (int i11 = 0; i11 != list.size(); i11++) {
                Extension extension = list.get(i11);
                value = extension.getValue();
                String A = ji.d.f31476c.A();
                id2 = extension.getId();
                if (A.equals(id2)) {
                    bArr = value;
                }
                id3 = extension.getId();
                v vVar = new v(id3);
                isCritical = extension.isCritical();
                hVar2.a(new u(vVar, isCritical, value));
            }
            try {
                byte[] encoded = new ji.e(new o(null, new y1(hVar), org.bouncycastle.asn1.x509.v.m(new y1(hVar2))), null).getEncoded();
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                httpURLConnection.setConnectTimeout(DEFAULT_TIMEOUT);
                httpURLConnection.setReadTimeout(DEFAULT_TIMEOUT);
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setDoInput(true);
                httpURLConnection.setRequestMethod("POST");
                httpURLConnection.setRequestProperty("Content-type", "application/ocsp-request");
                httpURLConnection.setRequestProperty("Content-length", String.valueOf(encoded.length));
                OutputStream outputStream = httpURLConnection.getOutputStream();
                outputStream.write(encoded);
                outputStream.flush();
                InputStream inputStream = httpURLConnection.getInputStream();
                int contentLength = httpURLConnection.getContentLength();
                if (contentLength < 0) {
                    contentLength = 32768;
                }
                l10 = ji.f.l(yk.b.e(inputStream, contentLength));
            } catch (IOException e10) {
                e = e10;
            }
            try {
                if (l10.n().m() != 0) {
                    throw new CertPathValidatorException("OCSP responder failed: " + l10.n().n(), null, pKIXCertRevocationCheckerParameters.getCertPath(), pKIXCertRevocationCheckerParameters.getIndex());
                }
                j l11 = j.l(l10.m());
                if (l11.o().q(ji.d.f31475b)) {
                    z10 = ProvOcspRevocationChecker.validatedOcspResponse(ji.a.m(l11.n().y()), pKIXCertRevocationCheckerParameters, bArr, x509Certificate, jcaJceHelper);
                }
                if (!z10) {
                    throw new CertPathValidatorException("OCSP response failed to validate", null, pKIXCertRevocationCheckerParameters.getCertPath(), pKIXCertRevocationCheckerParameters.getIndex());
                }
                WeakReference<Map<ji.b, ji.f>> weakReference2 = cache.get(uri);
                if (weakReference2 != null) {
                    weakReference2.get().put(bVar, l10);
                } else {
                    HashMap hashMap = new HashMap();
                    hashMap.put(bVar, l10);
                    cache.put(uri, new WeakReference<>(hashMap));
                }
                return l10;
            } catch (IOException e11) {
                e = e11;
                throw new CertPathValidatorException("configuration error: " + e.getMessage(), e, pKIXCertRevocationCheckerParameters.getCertPath(), pKIXCertRevocationCheckerParameters.getIndex());
            }
        } catch (MalformedURLException e12) {
            throw new CertPathValidatorException("configuration error: " + e12.getMessage(), e12, pKIXCertRevocationCheckerParameters.getCertPath(), pKIXCertRevocationCheckerParameters.getIndex());
        }
    }
}
