package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6328;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p091.C8689;
import p1206.C36361;
import p1410.C41490;
import p1410.InterfaceC41492;
import p1546.InterfaceC44822;
import p1646.C47327;
import p1646.C47328;
import p1646.C47336;
import p1646.C47343;
import p1646.C47355;
import p1646.C47359;
import p1646.C47367;
import p1646.C47388;
import p1657.InterfaceC47519;
import p1766.InterfaceC49388;
import p1813.C49978;
import p1826.C50097;
import p1826.InterfaceC50096;
import p1884.InterfaceC51456;
import p1902.C51741;
import p2106.InterfaceC60030;
import p2116.C60702;
import p2116.InterfaceC60700;
import p304.InterfaceC14437;
import p472.C18254;
import p485.InterfaceC18529;
import p531.C19759;
import p549.C20275;
import p549.C20276;
import p549.C20284;
import p549.InterfaceC20279;
import p572.AbstractC20732;
import p572.AbstractC20742;
import p572.C20720;
import p572.C20729;
import p572.C20802;
import p572.InterfaceC20701;
import p572.InterfaceC20753;
import p752.C23836;
import p752.InterfaceC23828;
import p766.InterfaceC24037;
import p768.C24046;
import p825.InterfaceC24858;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements InterfaceC50096 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC60700 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C50097 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C20729(InterfaceC14437.f56593), "SHA1WITHRSA");
        hashMap.put(InterfaceC23828.f85966, "SHA224WITHRSA");
        hashMap.put(InterfaceC23828.f85963, "SHA256WITHRSA");
        hashMap.put(InterfaceC23828.f85969, "SHA384WITHRSA");
        hashMap.put(InterfaceC23828.f85961, "SHA512WITHRSA");
        hashMap.put(InterfaceC44822.f146657, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC44822.f146658, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC24037.f86561, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC24037.f86562, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC47519.f153248, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC47519.f153249, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC47519.f153250, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC47519.f153251, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC47519.f153252, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC47519.f153253, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC49388.f159550, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC49388.f159551, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC49388.f159552, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC49388.f159553, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC49388.f159554, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC51456.f166096, "XMSS");
        hashMap.put(InterfaceC51456.f166097, "XMSSMT");
        hashMap.put(new C20729("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C20729("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C20729("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC24858.f89075, "SHA1WITHECDSA");
        hashMap.put(InterfaceC24858.f89118, "SHA224WITHECDSA");
        hashMap.put(InterfaceC24858.f89078, "SHA256WITHECDSA");
        hashMap.put(InterfaceC24858.f89101, "SHA384WITHECDSA");
        hashMap.put(InterfaceC24858.f89082, "SHA512WITHECDSA");
        hashMap.put(InterfaceC60030.f186546, "SHA1WITHRSA");
        hashMap.put(InterfaceC60030.f186545, "SHA1WITHDSA");
        hashMap.put(InterfaceC18529.f70419, "SHA224WITHDSA");
        hashMap.put(InterfaceC18529.f70420, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC60700 interfaceC60700) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC60700;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C47388.m177146(publicKey.getEncoded()).m177151().m100170());
    }

    private C20276 createCertID(C20276 c20276, C47343 c47343, C20720 c20720) throws CertPathValidatorException {
        return createCertID(c20276.m98615(), c47343, c20720);
    }

    private C20276 createCertID(C47328 c47328, C47343 c47343, C20720 c20720) throws CertPathValidatorException {
        try {
            MessageDigest mo217539 = this.helper.mo217539(C60702.m217554(c47328.m176814()));
            return new C20276(c47328, new AbstractC20732(mo217539.digest(c47343.m176884().m100279("DER"))), new AbstractC20732(mo217539.digest(c47343.m176885().m177151().m100170())), c20720);
        } catch (Exception e) {
            throw new CertPathValidatorException(C24046.m110886("problem creating ID: ", e), e);
        }
    }

    private C47343 extractCert() throws CertPathValidatorException {
        try {
            return C47343.m176876(this.parameters.m185333().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C8689.m38228(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m185330(), this.parameters.m185331());
        }
    }

    private static String getDigestName(C20729 c20729) {
        String m217554 = C60702.m217554(c20729);
        int indexOf = m217554.indexOf(45);
        if (indexOf <= 0 || m217554.startsWith("SHA3")) {
            return m217554;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m217554.substring(0, indexOf));
        return C19759.m95763(m217554, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C47355.f152582.m100292());
        if (extensionValue == null) {
            return null;
        }
        C47327[] m176852 = C47336.m176851(AbstractC20732.m100296(extensionValue).m100299()).m176852();
        for (int i2 = 0; i2 != m176852.length; i2++) {
            C47327 c47327 = m176852[i2];
            if (C47327.f152456.m100331(c47327.m176811())) {
                C47359 m176810 = c47327.m176810();
                if (m176810.m176986() == 6) {
                    try {
                        return new URI(((InterfaceC20753) m176810.m176988()).mo100157());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C47328 c47328) {
        InterfaceC20701 m176815 = c47328.m176815();
        if (m176815 != null && !C20802.f75621.m100330(m176815) && c47328.m176814().m100331(InterfaceC23828.f85980)) {
            return C36361.m143850(new StringBuilder(), getDigestName(C23836.m110223(m176815).m110224().m176814()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c47328.m176814());
        C20729 m176814 = c47328.m176814();
        return containsKey ? (String) map.get(m176814) : m176814.m100292();
    }

    private static X509Certificate getSignerCert(C20275 c20275, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC60700 interfaceC60700) throws NoSuchProviderException, NoSuchAlgorithmException {
        C20284 m98654 = c20275.m98612().m98654();
        byte[] m98645 = m98654.m98645();
        if (m98645 != null) {
            MessageDigest mo217539 = interfaceC60700.mo217539("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m98645, calcKeyHash(mo217539, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m98645, calcKeyHash(mo217539, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC41492 interfaceC41492 = C18254.f69460;
        C41490 m160578 = C41490.m160578(interfaceC41492, m98654.m98646());
        if (x509Certificate2 != null && m160578.equals(C41490.m160578(interfaceC41492, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m160578.equals(C41490.m160578(interfaceC41492, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C20284 c20284, X509Certificate x509Certificate, InterfaceC60700 interfaceC60700) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m98645 = c20284.m98645();
        if (m98645 != null) {
            return Arrays.equals(m98645, calcKeyHash(interfaceC60700.mo217539("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC41492 interfaceC41492 = C18254.f69460;
        return C41490.m160578(interfaceC41492, c20284.m98646()).equals(C41490.m160578(interfaceC41492, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C20275 c20275, C50097 c50097, byte[] bArr, X509Certificate x509Certificate, InterfaceC60700 interfaceC60700) throws CertPathValidatorException {
        try {
            AbstractC20742 m98609 = c20275.m98609();
            Signature createSignature = interfaceC60700.createSignature(getSignatureName(c20275.m98611()));
            X509Certificate signerCert = getSignerCert(c20275, c50097.m185333(), x509Certificate, interfaceC60700);
            if (signerCert == null && m98609 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC60700.mo217543("X.509").generateCertificate(new ByteArrayInputStream(m98609.mo100352(0).mo36862().getEncoded()));
                x509Certificate2.verify(c50097.m185333().getPublicKey());
                x509Certificate2.checkValidity(c50097.m185334());
                if (!responderMatches(c20275.m98612().m98654(), x509Certificate2, interfaceC60700)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c50097.m185330(), c50097.m185331());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C47367.f152660.m177032())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c50097.m185330(), c50097.m185331());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c20275.m98612().m100279("DER"));
            if (!createSignature.verify(c20275.m98610().m100170())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c20275.m98612().m98655().m176963(InterfaceC20279.f74126).m176954().m100299())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c50097.m185330(), c50097.m185331());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C51741.m190459(e, new StringBuilder("OCSP response failure: ")), e, c50097.m185330(), c50097.m185331());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6328.m29633(e3, new StringBuilder("OCSP response failure: ")), e3, c50097.m185330(), c50097.m185331());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m98615().equals(r1.m98672().m98615()) != false) goto L71;
     */
    @Override // p1826.InterfaceC50096
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C49978.m185125("ocsp.enable");
        this.ocspURL = C49978.m185123("ocsp.responderURL");
    }

    @Override // p1826.InterfaceC50096
    public void initialize(C50097 c50097) {
        this.parameters = c50097;
        this.isEnabledOCSP = C49978.m185125("ocsp.enable");
        this.ocspURL = C49978.m185123("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p1826.InterfaceC50096
    public void setParameter(String str, Object obj) {
    }
}
