package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6246;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p1199.C38966;
import p1281.AbstractC40855;
import p1281.AbstractC40865;
import p1281.C40843;
import p1281.C40852;
import p1281.C40925;
import p1281.InterfaceC40824;
import p1281.InterfaceC40876;
import p143.C11515;
import p1518.InterfaceC48798;
import p1534.InterfaceC49386;
import p1588.InterfaceC51009;
import p1775.C54410;
import p2098.C60245;
import p2098.C60246;
import p2098.C60254;
import p2098.InterfaceC60249;
import p2107.InterfaceC60691;
import p310.C15635;
import p310.C15636;
import p310.C15644;
import p310.C15651;
import p310.C15662;
import p310.C15666;
import p310.C15674;
import p310.C15695;
import p351.C16469;
import p545.InterfaceC22141;
import p573.InterfaceC22661;
import p603.C23233;
import p650.C24563;
import p650.InterfaceC24562;
import p673.C25055;
import p673.InterfaceC25047;
import p675.C25088;
import p675.InterfaceC25090;
import p686.InterfaceC25301;
import p691.InterfaceC25373;
import p699.C25534;
import p740.InterfaceC26146;
import p743.C26192;
import p743.InterfaceC26190;
import p898.C32293;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements InterfaceC24562 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC26190 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C24563 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C40852(InterfaceC48798.f152852), "SHA1WITHRSA");
        hashMap.put(InterfaceC25047.f81926, "SHA224WITHRSA");
        hashMap.put(InterfaceC25047.f81903, "SHA256WITHRSA");
        hashMap.put(InterfaceC25047.f81895, "SHA384WITHRSA");
        hashMap.put(InterfaceC25047.f81830, "SHA512WITHRSA");
        hashMap.put(InterfaceC26146.f84991, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC26146.f84992, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC49386.f156402, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC49386.f156403, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC25373.f82729, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25373.f82730, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25373.f82731, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25373.f82732, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25373.f82733, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25373.f82734, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC60691.f188670, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC60691.f188671, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC60691.f188672, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC60691.f188673, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC60691.f188674, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC25301.f82559, "XMSS");
        hashMap.put(InterfaceC25301.f82560, "XMSSMT");
        hashMap.put(new C40852("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C40852("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C40852("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC22661.f76903, "SHA1WITHECDSA");
        hashMap.put(InterfaceC22661.f76907, "SHA224WITHECDSA");
        hashMap.put(InterfaceC22661.f76908, "SHA256WITHECDSA");
        hashMap.put(InterfaceC22661.f76909, "SHA384WITHECDSA");
        hashMap.put(InterfaceC22661.f76910, "SHA512WITHECDSA");
        hashMap.put(InterfaceC51009.f159905, "SHA1WITHRSA");
        hashMap.put(InterfaceC51009.f159904, "SHA1WITHDSA");
        hashMap.put(InterfaceC22141.f75763, "SHA224WITHDSA");
        hashMap.put(InterfaceC22141.f75764, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC26190 interfaceC26190) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC26190;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C15695.m82894(publicKey.getEncoded()).m82899().m159735());
    }

    private C60246 createCertID(C15636 c15636, C15651 c15651, C40843 c40843) throws CertPathValidatorException {
        try {
            MessageDigest mo118084 = this.helper.mo118084(C26192.m118099(c15636.m82574()));
            return new C60246(c15636, new AbstractC40855(mo118084.digest(c15651.m82644().m159844("DER"))), new AbstractC40855(mo118084.digest(c15651.m82645().m82899().m159735())), c40843);
        } catch (Exception e) {
            throw new CertPathValidatorException(C11515.m68027("problem creating ID: ", e), e);
        }
    }

    private C60246 createCertID(C60246 c60246, C15651 c15651, C40843 c40843) throws CertPathValidatorException {
        return createCertID(c60246.m216785(), c15651, c40843);
    }

    private C15651 extractCert() throws CertPathValidatorException {
        try {
            return C15651.m82636(this.parameters.m113797().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C23233.m109315(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m113794(), this.parameters.m113795());
        }
    }

    private static String getDigestName(C40852 c40852) {
        String m118099 = C26192.m118099(c40852);
        int indexOf = m118099.indexOf(45);
        if (indexOf <= 0 || m118099.startsWith("SHA3")) {
            return m118099;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m118099.substring(0, indexOf));
        return C32293.m133377(m118099, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C15662.f58600.m159857());
        if (extensionValue == null) {
            return null;
        }
        C15635[] m82612 = C15644.m82611(AbstractC40855.m159861(extensionValue).m159864()).m82612();
        for (int i2 = 0; i2 != m82612.length; i2++) {
            C15635 c15635 = m82612[i2];
            if (C15635.f58483.m159896(c15635.m82571())) {
                C15666 m82570 = c15635.m82570();
                if (m82570.m82734() == 6) {
                    try {
                        return new URI(((InterfaceC40876) m82570.m82736()).mo115215());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C15636 c15636) {
        InterfaceC40824 m82575 = c15636.m82575();
        if (m82575 != null && !C40925.f128266.m159895(m82575) && c15636.m82574().m159896(InterfaceC25047.f81901)) {
            return C38966.m152107(new StringBuilder(), getDigestName(C25055.m115043(m82575).m115044().m82574()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c15636.m82574());
        C40852 m82574 = c15636.m82574();
        return containsKey ? (String) map.get(m82574) : m82574.m159857();
    }

    private static X509Certificate getSignerCert(C60245 c60245, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC26190 interfaceC26190) throws NoSuchProviderException, NoSuchAlgorithmException {
        C60254 m216824 = c60245.m216782().m216824();
        byte[] m216815 = m216824.m216815();
        if (m216815 != null) {
            MessageDigest mo118084 = interfaceC26190.mo118084("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m216815, calcKeyHash(mo118084, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m216815, calcKeyHash(mo118084, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC25090 interfaceC25090 = C16469.f60845;
        C25088 m115224 = C25088.m115224(interfaceC25090, m216824.m216816());
        if (x509Certificate2 != null && m115224.equals(C25088.m115224(interfaceC25090, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m115224.equals(C25088.m115224(interfaceC25090, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C60254 c60254, X509Certificate x509Certificate, InterfaceC26190 interfaceC26190) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m216815 = c60254.m216815();
        if (m216815 != null) {
            return Arrays.equals(m216815, calcKeyHash(interfaceC26190.mo118084("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC25090 interfaceC25090 = C16469.f60845;
        return C25088.m115224(interfaceC25090, c60254.m216816()).equals(C25088.m115224(interfaceC25090, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C60245 c60245, C24563 c24563, byte[] bArr, X509Certificate x509Certificate, InterfaceC26190 interfaceC26190) throws CertPathValidatorException {
        try {
            AbstractC40865 m216779 = c60245.m216779();
            Signature createSignature = interfaceC26190.createSignature(getSignatureName(c60245.m216781()));
            X509Certificate signerCert = getSignerCert(c60245, c24563.m113797(), x509Certificate, interfaceC26190);
            if (signerCert == null && m216779 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC26190.mo118088("X.509").generateCertificate(new ByteArrayInputStream(m216779.mo159917(0).mo35195().getEncoded()));
                x509Certificate2.verify(c24563.m113797().getPublicKey());
                x509Certificate2.checkValidity(c24563.m113798());
                if (!responderMatches(c60245.m216782().m216824(), x509Certificate2, interfaceC26190)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c24563.m113794(), c24563.m113795());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C15674.f58678.m82780())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c24563.m113794(), c24563.m113795());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c60245.m216782().m159844("DER"));
            if (!createSignature.verify(c60245.m216780().m159735())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c60245.m216782().m216825().m82711(InterfaceC60249.f187697).m82702().m159864())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c24563.m113794(), c24563.m113795());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C25534.m116151(e, new StringBuilder("OCSP response failure: ")), e, c24563.m113794(), c24563.m113795());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6246.m29343(e3, new StringBuilder("OCSP response failure: ")), e3, c24563.m113794(), c24563.m113795());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m216785().equals(r1.m216842().m216785()) != false) goto L71;
     */
    @Override // p650.InterfaceC24562
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C54410.m198544("ocsp.enable");
        this.ocspURL = C54410.m198542("ocsp.responderURL");
    }

    @Override // p650.InterfaceC24562
    public void initialize(C24563 c24563) {
        this.parameters = c24563;
        this.isEnabledOCSP = C54410.m198544("ocsp.enable");
        this.ocspURL = C54410.m198542("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p650.InterfaceC24562
    public void setParameter(String str, Object obj) {
    }
}
