package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C5969;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p052.InterfaceC8487;
import p1030.C36458;
import p1208.C40332;
import p1256.C41528;
import p130.InterfaceC12197;
import p1373.InterfaceC44145;
import p1424.InterfaceC44863;
import p144.InterfaceC12448;
import p149.C12503;
import p149.InterfaceC12502;
import p1643.C49061;
import p1646.C49123;
import p1646.InterfaceC49125;
import p1683.C49702;
import p1683.C49703;
import p1683.C49711;
import p1683.C49718;
import p1683.C49730;
import p1683.C49734;
import p1683.C49742;
import p1683.C49763;
import p1757.InterfaceC52102;
import p1767.InterfaceC52322;
import p1809.C52701;
import p2100.C59369;
import p2100.InterfaceC59367;
import p273.AbstractC14861;
import p273.AbstractC14871;
import p273.C14849;
import p273.C14858;
import p273.C14931;
import p273.InterfaceC14830;
import p273.InterfaceC14882;
import p387.C18749;
import p387.InterfaceC18741;
import p404.C18922;
import p688.InterfaceC28340;
import p751.C29916;
import p751.C29917;
import p751.C29925;
import p751.InterfaceC29920;
import p766.InterfaceC30047;
import p913.C33227;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements InterfaceC12502 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC59367 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C12503 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C14858(InterfaceC8487.f41442), "SHA1WITHRSA");
        hashMap.put(InterfaceC18741.f73977, "SHA224WITHRSA");
        hashMap.put(InterfaceC18741.f73849, "SHA256WITHRSA");
        hashMap.put(InterfaceC18741.f73834, "SHA384WITHRSA");
        hashMap.put(InterfaceC18741.f73860, "SHA512WITHRSA");
        hashMap.put(InterfaceC28340.f96377, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC28340.f96378, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC44145.f140790, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC44145.f140791, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC52322.f164754, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC52322.f164755, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC52322.f164756, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC52322.f164757, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC52322.f164758, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC52322.f164759, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC12197.f55278, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC12197.f55279, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC12197.f55280, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC12197.f55281, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC12197.f55282, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC44863.f142685, "XMSS");
        hashMap.put(InterfaceC44863.f142686, "XMSSMT");
        hashMap.put(new C14858("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C14858("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C14858("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC52102.f164226, "SHA1WITHECDSA");
        hashMap.put(InterfaceC52102.f164221, "SHA224WITHECDSA");
        hashMap.put(InterfaceC52102.f164228, "SHA256WITHECDSA");
        hashMap.put(InterfaceC52102.f164211, "SHA384WITHECDSA");
        hashMap.put(InterfaceC52102.f164273, "SHA512WITHECDSA");
        hashMap.put(InterfaceC30047.f101726, "SHA1WITHRSA");
        hashMap.put(InterfaceC30047.f101725, "SHA1WITHDSA");
        hashMap.put(InterfaceC12448.f56211, "SHA224WITHDSA");
        hashMap.put(InterfaceC12448.f56212, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC59367 interfaceC59367) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC59367;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C49763.m186691(publicKey.getEncoded()).m186696().m55564());
    }

    private C29917 createCertID(C29917 c29917, C49718 c49718, C14849 c14849) throws CertPathValidatorException {
        return createCertID(c29917.m122720(), c49718, c14849);
    }

    private C29917 createCertID(C49703 c49703, C49718 c49718, C14849 c14849) throws CertPathValidatorException {
        try {
            MessageDigest mo214636 = this.helper.mo214636(C59369.m214651(c49703.m186359()));
            return new C29917(c49703, new AbstractC14861(mo214636.digest(c49718.m186429().m55673("DER"))), new AbstractC14861(mo214636.digest(c49718.m186430().m186696().m55564())), c14849);
        } catch (Exception e) {
            throw new CertPathValidatorException(C52701.m194711("problem creating ID: ", e), e);
        }
    }

    private C49718 extractCert() throws CertPathValidatorException {
        try {
            return C49718.m186421(this.parameters.m47844().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C49061.m184525(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m47841(), this.parameters.m47842());
        }
    }

    private static String getDigestName(C14858 c14858) {
        String m214651 = C59369.m214651(c14858);
        int indexOf = m214651.indexOf(45);
        if (indexOf <= 0 || m214651.startsWith("SHA3")) {
            return m214651;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m214651.substring(0, indexOf));
        return C36458.m142432(m214651, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C49730.f156998.m55686());
        if (extensionValue == null) {
            return null;
        }
        C49702[] m186397 = C49711.m186396(AbstractC14861.m55690(extensionValue).m55693()).m186397();
        for (int i = 0; i != m186397.length; i++) {
            C49702 c49702 = m186397[i];
            if (C49702.f156896.m55725(c49702.m186356())) {
                C49734 m186355 = c49702.m186355();
                if (m186355.m186531() == 6) {
                    try {
                        return new URI(((InterfaceC14882) m186355.m186533()).mo55551());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C49703 c49703) {
        InterfaceC14830 m186360 = c49703.m186360();
        if (m186360 != null && !C14931.f62632.m55724(m186360) && c49703.m186359().m55725(InterfaceC18741.f73951)) {
            return C40332.m154476(new StringBuilder(), getDigestName(C18749.m66056(m186360).m66057().m186359()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c49703.m186359());
        C14858 m186359 = c49703.m186359();
        return containsKey ? (String) map.get(m186359) : m186359.m55686();
    }

    private static X509Certificate getSignerCert(C29916 c29916, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC59367 interfaceC59367) throws NoSuchProviderException, NoSuchAlgorithmException {
        C29925 m122759 = c29916.m122717().m122759();
        byte[] m122750 = m122759.m122750();
        if (m122750 != null) {
            MessageDigest mo214636 = interfaceC59367.mo214636("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m122750, calcKeyHash(mo214636, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m122750, calcKeyHash(mo214636, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC49125 interfaceC49125 = C18922.f74600;
        C49123 m185027 = C49123.m185027(interfaceC49125, m122759.m122751());
        if (x509Certificate2 != null && m185027.equals(C49123.m185027(interfaceC49125, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m185027.equals(C49123.m185027(interfaceC49125, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C29925 c29925, X509Certificate x509Certificate, InterfaceC59367 interfaceC59367) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m122750 = c29925.m122750();
        if (m122750 != null) {
            return Arrays.equals(m122750, calcKeyHash(interfaceC59367.mo214636("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC49125 interfaceC49125 = C18922.f74600;
        return C49123.m185027(interfaceC49125, c29925.m122751()).equals(C49123.m185027(interfaceC49125, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C29916 c29916, C12503 c12503, byte[] bArr, X509Certificate x509Certificate, InterfaceC59367 interfaceC59367) throws CertPathValidatorException {
        try {
            AbstractC14871 m122714 = c29916.m122714();
            Signature createSignature = interfaceC59367.createSignature(getSignatureName(c29916.m122716()));
            X509Certificate signerCert = getSignerCert(c29916, c12503.m47844(), x509Certificate, interfaceC59367);
            if (signerCert == null && m122714 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC59367.mo214640("X.509").generateCertificate(new ByteArrayInputStream(m122714.mo55746(0).mo47702().getEncoded()));
                x509Certificate2.verify(c12503.m47844().getPublicKey());
                x509Certificate2.checkValidity(c12503.m47845());
                if (!responderMatches(c29916.m122717().m122759(), x509Certificate2, interfaceC59367)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c12503.m47841(), c12503.m47842());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C49742.f157087.m186577())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c12503.m47841(), c12503.m47842());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c29916.m122717().m55673("DER"));
            if (!createSignature.verify(c29916.m122715().m55564())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c29916.m122717().m122760().m186508(InterfaceC29920.f101424).m186499().m55693())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c12503.m47841(), c12503.m47842());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C41528.m158964(e, new StringBuilder("OCSP response failure: ")), e, c12503.m47841(), c12503.m47842());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C5969.m28960(e3, new StringBuilder("OCSP response failure: ")), e3, c12503.m47841(), c12503.m47842());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m122720().equals(r1.m122777().m122720()) != false) goto L71;
     */
    @Override // p149.InterfaceC12502
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C33227.m131756("ocsp.enable");
        this.ocspURL = C33227.m131754("ocsp.responderURL");
    }

    @Override // p149.InterfaceC12502
    public void initialize(C12503 c12503) {
        this.parameters = c12503;
        this.isEnabledOCSP = C33227.m131756("ocsp.enable");
        this.ocspURL = C33227.m131754("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p149.InterfaceC12502
    public void setParameter(String str, Object obj) {
    }
}
