package com.blackberry.security.trustmgr.crsvc;

import android.content.Context;
import android.os.ConditionVariable;
import android.os.RemoteException;
import android.os.SystemClock;
import android.util.Log;
import com.blackberry.security.cr.CertificateRevocation;
import com.blackberry.security.cr.CrServiceConnection;
import com.blackberry.security.trustmgr.FutureResult;
import com.blackberry.security.trustmgr.OcspProfile;
import com.blackberry.security.trustmgr.ValidationContext;
import com.blackberry.security.trustmgr.internal.a0;
import com.blackberry.security.trustmgr.internal.c;
import com.blackberry.security.trustmgr.internal.d;
import com.blackberry.security.trustmgr.internal.k;
import com.blackberry.security.trustmgr.internal.p;
import com.blackberry.security.trustmgr.internal.u;
import com.blackberry.security.trustmgr.internal.z;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.concurrent.Executor;

/* loaded from: classes.dex */
class OCSPValidator extends c {
    private static final String LOG_TAG = "certmgr:trustmgr:OCSPValidator";
    private CertificateRevocation mCertificateRevocation;
    private final Context mContext;
    private final ConditionVariable serverConn = new ConditionVariable();
    private final CrServiceConnection mConn = new CrServiceConnection() { // from class: com.blackberry.security.trustmgr.crsvc.OCSPValidator.1
        @Override // com.blackberry.security.cr.CrServiceConnection
        public void onCRServiceConnected() {
            OCSPValidator.this.serverConn.open();
        }

        @Override // com.blackberry.security.cr.CrServiceConnection
        public void onCRServiceDisconnected() {
        }
    };

    /* loaded from: classes.dex */
    private class Worker implements Runnable {
        private final ValidationContext mContext;
        private final d<Void> mResultRef;

        Worker(ValidationContext validationContext, d<Void> dVar) {
            this.mContext = validationContext;
            this.mResultRef = dVar;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                if (this.mResultRef.h()) {
                    return;
                }
                OCSPValidator.this.validateImpl(this.mContext);
                this.mResultRef.k(null);
            } catch (z e10) {
                this.mResultRef.l(e10);
            }
        }
    }

    public OCSPValidator(Context context) {
        addSupportedProfileType(OcspProfile.class);
        this.mContext = context;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void validateImpl(ValidationContext validationContext) {
        CertPath certPath = (CertPath) validationContext.get(p.f7902a);
        if (certPath == null) {
            throw new z("No certificate path provided");
        }
        ArrayList arrayList = new ArrayList(certPath.getCertificates());
        if (arrayList.size() <= 1) {
            k kVar = new k(k.a.STATUS_UNKNOWN);
            kVar.c("Only 1 certificate in chain, cannot perform OCSP checking");
            k kVar2 = new k(kVar.getType());
            kVar2.b(kVar.a());
            u uVar = new u();
            uVar.c(kVar2);
            uVar.a((Certificate) arrayList.get(0), kVar);
            ((a0) validationContext.get(ValidationContext.WARNINGS)).a(OcspProfile.class, uVar);
            return;
        }
        Iterator it = arrayList.iterator();
        it.next();
        it.next();
        while (it.hasNext()) {
            it.next();
            it.remove();
        }
        Collections.reverse(arrayList);
        X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        CertificateRevocation certificateRevocation = new CertificateRevocation(this.mContext);
        this.mCertificateRevocation = certificateRevocation;
        if (!certificateRevocation.bindService(this.mConn)) {
            throw new z("bindToCrService() failed");
        }
        validateImpl(validationContext, x509CertificateArr);
        this.mCertificateRevocation.unbindService(this.mConn);
    }

    private void validateImpl(ValidationContext validationContext, X509Certificate[] x509CertificateArr) {
        long elapsedRealtime = SystemClock.elapsedRealtime();
        boolean block = this.serverConn.block(5000L);
        long elapsedRealtime2 = SystemClock.elapsedRealtime() - elapsedRealtime;
        if (!block) {
            Log.d(LOG_TAG, "Failed to connect to CertificateRevocationService within 5000ms");
            throw new z("Failed to connect to CertificateRevocationService within 5000ms");
        }
        Log.d(LOG_TAG, "CertificateRevocationService is connected: " + elapsedRealtime2 + "ms");
        this.serverConn.close();
        try {
            int[] ocspStatus = this.mCertificateRevocation.getOcspStatus(x509CertificateArr);
            if (ocspStatus == null) {
                Log.d(LOG_TAG, "getOCSPStatus failed: resArray==null");
                throw new z("mCertificateRevocation.getOCSPStatus() failed");
            }
            if (ocspStatus.length == 0) {
                Log.d(LOG_TAG, "getOCSPStatus failed: resArray.length=0");
                throw new z("mCertificateRevocation.getOCSPStatus() failed");
            }
            u uVar = new u();
            for (int i10 = 0; i10 < ocspStatus.length; i10++) {
                k kVar = null;
                int i11 = ocspStatus[i10];
                if (i11 != 0) {
                    if (i11 == 1) {
                        kVar = new k(k.a.STATUS_REVOKED);
                    } else if (i11 == 2) {
                        kVar = new k(k.a.STATUS_UNKNOWN);
                    } else if (i11 == 49551) {
                        kVar = new k(k.a.OCSP_NO_CERT_URL);
                        kVar.c("Error code = 0x" + Integer.toString(ocspStatus[i10], 16));
                    } else if (i11 == 49555 || i11 == 600004) {
                        kVar = new k(k.a.WARNING_SERVER_UNAVAILABLE);
                        kVar.c("Error code = 0x" + Integer.toString(ocspStatus[i10], 16));
                    } else {
                        kVar = new k(k.a.ERROR);
                        kVar.c("Error code = 0x" + Integer.toString(ocspStatus[i10], 16));
                    }
                }
                if (kVar != null) {
                    k kVar2 = new k(kVar.getType());
                    kVar2.b(kVar.a());
                    uVar.c(kVar2);
                    uVar.a(x509CertificateArr[i10 + 1], kVar);
                }
            }
            ((a0) validationContext.get(ValidationContext.WARNINGS)).a(OcspProfile.class, uVar);
        } catch (RemoteException | CertificateEncodingException e10) {
            throw new z("mCertificateRevocation.getOCSPStatus() failed", e10);
        }
    }

    @Override // com.blackberry.security.trustmgr.Validator
    public FutureResult<Void> validate(ValidationContext validationContext) {
        if (((OcspProfile) getProfile(OcspProfile.class)) == null) {
            throw new z("Missing OCSP Profile");
        }
        d dVar = new d();
        ((Executor) validationContext.get(ValidationContext.LONG_TASK_EXECUTOR)).execute(new Worker(validationContext, dVar));
        return dVar;
    }
}
