package org.bouncycastle.jce.provider;

import defpackage.ahb;
import defpackage.b0;
import defpackage.cei;
import defpackage.cmd;
import defpackage.d0;
import defpackage.d0l;
import defpackage.d1j;
import defpackage.dam;
import defpackage.e1j;
import defpackage.e6m;
import defpackage.eei;
import defpackage.eg;
import defpackage.f6m;
import defpackage.fei;
import defpackage.fel;
import defpackage.fwv;
import defpackage.g0;
import defpackage.g17;
import defpackage.g6m;
import defpackage.gjn;
import defpackage.gw1;
import defpackage.hei;
import defpackage.ii1;
import defpackage.k0;
import defpackage.kxv;
import defpackage.n0;
import defpackage.nj1;
import defpackage.p0;
import defpackage.q0;
import defpackage.qw;
import defpackage.r67;
import defpackage.rcg;
import defpackage.sm3;
import defpackage.t67;
import defpackage.tm3;
import defpackage.um3;
import defpackage.vk0;
import defpackage.vlh;
import defpackage.vqg;
import defpackage.vsd;
import defpackage.w0;
import defpackage.x3a;
import defpackage.y61;
import defpackage.yae;
import defpackage.ye;
import defpackage.yhp;
import defpackage.yhq;
import defpackage.z0;
import defpackage.z0j;
import defpackage.z49;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
/**
 * OCSP-based revocation checker from the BouncyCastle JCE provider package, as recovered by a
 * decompiler. The {@code defpackage.*} type and field names are obfuscated, so the roles given
 * to them in the comments below are read off how this class uses them and are hedged where the
 * usage does not settle the question.
 *
 * <p>{@link #check(Certificate)} takes an OCSP response for a certificate (one already present
 * in the parent's response map, or one fetched through {@code OcspCache}), checks its status and,
 * for supplied responses, its signature and nonce, and throws when the entry for the
 * certificate's serial number reports anything other than status tag 0.
 *
 * <p>NOTE(review): {@code check} has several paths that return normally without a status-0 entry
 * having been seen: the signature did not verify, the response type is not the expected one, or
 * no entry matches the serial number. How the caller interprets a normal return is not visible
 * here; if it means "not revoked", those paths fail open and should be confirmed against the
 * parent checker.
 */
public class ProvOcspRevocationChecker implements d1j {
    // Neither DEFAULT_* constant is referenced inside this class as decompiled; the units of
    // the timeout are not stated here (presumably milliseconds - confirm).
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    // Signature-algorithm OID -> JCA signature name; filled by the static initialiser below and
    // read only by getSignatureName().
    private static final Map oids;
    // Factory used for MessageDigest, Signature and certificate-factory instances.
    private final vsd helper;
    // Value of the "ocsp.enable" property, read in init()/initialize().
    private boolean isEnabledOCSP;
    // Value of the "ocsp.responderURL" property, read in init()/initialize(); may be null.
    private String ocspURL;
    // Validation context set by initialize(). As used in this class: b yields the validation
    // time, c is the CertPath and d the index reported in exceptions, e is an X509Certificate
    // whose key verifies a delegated responder certificate (presumably the issuer - confirm).
    private e1j parameters;
    // Owning checker; supplies the responder URI, responder certificate and OCSP extensions.
    private final ProvRevocationChecker parent;

    // Builds the OID -> signature-name table.
    // NOTE(review): the table still names MD2-, MD5- and SHA-1-based signatures, and nothing in
    // this class filters on the resolved name before it is handed to helper.createSignature().
    // If OCSP responses signed with those digests must be rejected, that has to be enforced
    // elsewhere (provider algorithm constraints or the caller) - confirm.
    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new p0("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(z0j.y0, "SHA224WITHRSA");
        hashMap.put(z0j.v0, "SHA256WITHRSA");
        hashMap.put(z0j.w0, "SHA384WITHRSA");
        hashMap.put(z0j.x0, "SHA512WITHRSA");
        hashMap.put(g17.m, "GOST3411WITHGOST3410");
        hashMap.put(g17.n, "GOST3411WITHECGOST3410");
        hashMap.put(gjn.g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(gjn.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(nj1.a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(nj1.b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(nj1.c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(nj1.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(nj1.e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(nj1.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(z49.a, "SHA1WITHCVC-ECDSA");
        hashMap.put(z49.b, "SHA224WITHCVC-ECDSA");
        hashMap.put(z49.c, "SHA256WITHCVC-ECDSA");
        hashMap.put(z49.d, "SHA384WITHCVC-ECDSA");
        hashMap.put(z49.e, "SHA512WITHCVC-ECDSA");
        hashMap.put(cmd.a, "XMSS");
        hashMap.put(cmd.b, "XMSSMT");
        hashMap.put(new p0("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new p0("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new p0("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(kxv.O1, "SHA1WITHECDSA");
        hashMap.put(kxv.R1, "SHA224WITHECDSA");
        hashMap.put(kxv.S1, "SHA256WITHECDSA");
        hashMap.put(kxv.T1, "SHA384WITHECDSA");
        hashMap.put(kxv.U1, "SHA512WITHECDSA");
        hashMap.put(hei.h, "SHA1WITHRSA");
        hashMap.put(hei.g, "SHA1WITHDSA");
        hashMap.put(vlh.P, "SHA224WITHDSA");
        hashMap.put(vlh.Q, "SHA256WITHDSA");
    }

    /**
     * Creates a checker bound to its owning revocation checker.
     *
     * @param provRevocationChecker parent that supplies responder settings and responses
     * @param vsdVar helper used to obtain digest, signature and certificate-factory instances
     */
    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, vsd vsdVar) {
        this.parent = provRevocationChecker;
        this.helper = vsdVar;
    }

    /**
     * Digests a field taken from the parsed encoding of a public key.
     *
     * @param messageDigest digest to use; the caller chooses the algorithm
     * @param publicKey key whose encoded form is parsed by {@code yhq.o}
     * @return the digest of {@code d.D()} of the parsed key (presumably the bytes of the
     *     subjectPublicKey bit string - confirm)
     */
    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(yhq.o(publicKey.getEncoded()).d.D());
    }

    /**
     * Builds a certificate identifier from a digest algorithm, a certificate and a serial number.
     *
     * @param qwVar algorithm identifier; its OID selects the digest obtained from the helper
     * @param um3Var parsed certificate whose {@code d.Z} (DER-encoded) and {@code d.S2.d.D()}
     *     are hashed (presumably the subject name and public key of the issuer - confirm)
     * @param k0Var serial number stored in the identifier
     * @return the new identifier
     * @throws CertPathValidatorException wrapping any exception raised while hashing
     */
    private sm3 createCertID(qw qwVar, um3 um3Var, k0 k0Var) throws CertPathValidatorException {
        try {
            MessageDigest a = this.helper.a(vqg.b(qwVar.c));
            return new sm3(qwVar, new t67(a.digest(um3Var.d.Z.n("DER"))), new t67(a.digest(um3Var.d.S2.d.D())), k0Var);
        } catch (Exception e) {
            throw new CertPathValidatorException("problem creating ID: " + e, e);
        }
    }

    /**
     * Builds a certificate identifier with the same algorithm identifier as an existing one, so
     * that the two can be compared with {@code equals}.
     *
     * @param sm3Var identifier whose algorithm ({@code c}) is reused
     * @param um3Var parsed certificate to hash
     * @param k0Var serial number stored in the identifier
     * @return the new identifier
     * @throws CertPathValidatorException if the identifier cannot be computed
     */
    private sm3 createCertID(sm3 sm3Var, um3 um3Var, k0 k0Var) throws CertPathValidatorException {
        return createCertID(sm3Var.c, um3Var, k0Var);
    }

    /**
     * Re-parses the encoded form of {@code parameters.e} into the ASN.1 certificate type.
     *
     * @return the parsed certificate
     * @throws CertPathValidatorException carrying the cert path and index if encoding or
     *     parsing fails
     */
    private um3 extractCert() throws CertPathValidatorException {
        try {
            return um3.o(this.parameters.e.getEncoded());
        } catch (Exception e) {
            String c = rcg.c(e, new StringBuilder("cannot process signing cert: "));
            e1j e1jVar = this.parameters;
            throw new CertPathValidatorException(c, e, e1jVar.c, e1jVar.d);
        }
    }

    /**
     * Returns the digest name for an OID with its first hyphen removed.
     *
     * <p>Names that start with "SHA3", or that have no hyphen after the first character, are
     * returned unchanged.
     *
     * @param p0Var digest algorithm OID, resolved to a name by {@code vqg.b}
     * @return the digest name in the form used to compose signature names
     */
    private static String getDigestName(p0 p0Var) {
        String b = vqg.b(p0Var);
        // 45 is the code point of '-'.
        int indexOf = b.indexOf(45);
        if (indexOf <= 0 || b.startsWith("SHA3")) {
            return b;
        }
        return b.substring(0, indexOf) + b.substring(indexOf + 1);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Extracts a responder URI from a certificate extension.
     *
     * <p>Reads the extension identified by {@code x3a.f3} (presumably Authority Information
     * Access - confirm) and returns the first entry whose method matches {@code ye.q}, whose
     * location has {@code d == 6} (the URI choice of a GeneralName if {@code d} is the tag
     * number - confirm) and whose text parses as a {@link URI}. Entries that fail to parse are
     * skipped.
     *
     * <p>NOTE(review): the URI comes from the certificate under validation, so its scheme and
     * host are chosen by whoever issued that certificate. No restriction is applied here; any
     * limit on where the OCSP request may be sent has to live in the code that performs the
     * fetch (not visible in this class).
     *
     * @param x509Certificate certificate to inspect
     * @return the responder URI, or {@code null} if the extension is absent or holds no usable
     *     entry
     */
    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(x3a.f3.c);
        if (extensionValue == null) {
            return null;
        }
        // Decompiler artefact: bArr is typed byte[] but is then tested as an object
        // (instanceof y61, != 0), which is what the JADX warning above refers to.
        byte[] bArr = q0.C(extensionValue).c;
        ye[] yeVarArr = (bArr instanceof y61 ? (y61) bArr : bArr != 0 ? new y61(w0.F(bArr)) : null).c;
        int length = yeVarArr.length;
        // Iterate over a copy of the entry array.
        ye[] yeVarArr2 = new ye[length];
        System.arraycopy(yeVarArr, 0, yeVarArr2, 0, yeVarArr.length);
        for (int i = 0; i != length; i++) {
            ye yeVar = yeVarArr2[i];
            if (ye.q.w(yeVar.c)) {
                ahb ahbVar = yeVar.d;
                if (ahbVar.d == 6) {
                    try {
                        return new URI(((z0) ahbVar.c).l());
                    } catch (URISyntaxException unused) {
                        // Malformed URI: try the next entry.
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    /**
     * Resolves the JCA signature name for an algorithm identifier.
     *
     * <p>If parameters are present, are not {@code r67.d} (presumably the ASN.1 NULL value) and
     * the OID equals {@code z0j.u0} (presumably RSASSA-PSS - confirm), the name is composed from
     * the digest named in the parameters and "WITHRSAANDMGF1". Otherwise the name is looked up
     * in {@link #oids}, falling back to the OID string itself.
     *
     * @param qwVar algorithm identifier taken from the response
     * @return the signature name passed to the helper
     */
    private static String getSignatureName(qw qwVar) {
        b0 b0Var = qwVar.d;
        p0 p0Var = qwVar.c;
        if (b0Var != null && !r67.d.v(b0Var) && p0Var.w(z0j.u0)) {
            return vk0.F(new StringBuilder(), getDigestName(fel.o(b0Var).c.c), "WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(p0Var) ? (String) map.get(p0Var) : p0Var.c;
    }

    /**
     * Picks the certificate that the responder identifier of a response refers to.
     *
     * <p>If the identifier is an octet string it is compared with the SHA-1 key hash of each
     * candidate; otherwise it is compared as a name with each candidate's subject. The third
     * argument is tried before the second. This only selects a candidate key; the response
     * signature is verified by the caller.
     *
     * @param gw1Var response whose responder identifier ({@code c.q.c}) is read
     * @param x509Certificate second candidate; the caller passes {@code parameters.e}
     * @param x509Certificate2 first candidate; the caller passes the responder certificate it
     *     was given, may be {@code null}
     * @param vsdVar helper used to obtain the SHA-1 digest
     * @return the matching certificate, or {@code null} if neither candidate matches
     * @throws NoSuchProviderException if the helper cannot supply the digest
     * @throws NoSuchAlgorithmException if the helper cannot supply the digest
     */
    private static X509Certificate getSignerCert(gw1 gw1Var, X509Certificate x509Certificate, X509Certificate x509Certificate2, vsd vsdVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        n0 n0Var = gw1Var.c.q.c;
        byte[] bArr = n0Var instanceof q0 ? ((q0) n0Var).c : null;
        if (bArr != null) {
            // Identifier given as a key hash.
            MessageDigest a = vsdVar.a("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, calcKeyHash(a, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, calcKeyHash(a, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            // Identifier given as a name; both sides are parsed with the same style (ii1.S2).
            ii1 ii1Var = ii1.S2;
            fwv o = fwv.o(ii1Var, n0Var instanceof q0 ? null : fwv.q(n0Var));
            if (x509Certificate2 != null && o.equals(fwv.o(ii1Var, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && o.equals(fwv.o(ii1Var, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    /**
     * Tells whether a responder identifier refers to the given certificate, by SHA-1 key hash
     * when the identifier is an octet string and by subject name otherwise.
     *
     * @param e6mVar responder identifier from the response
     * @param x509Certificate certificate to compare with
     * @param vsdVar helper used to obtain the SHA-1 digest
     * @return {@code true} if the identifier matches the certificate
     * @throws NoSuchProviderException if the helper cannot supply the digest
     * @throws NoSuchAlgorithmException if the helper cannot supply the digest
     */
    private static boolean responderMatches(e6m e6mVar, X509Certificate x509Certificate, vsd vsdVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        n0 n0Var = e6mVar.c;
        byte[] bArr = n0Var instanceof q0 ? ((q0) n0Var).c : null;
        if (bArr != null) {
            return Arrays.equals(bArr, calcKeyHash(vsdVar.a("SHA1"), x509Certificate.getPublicKey()));
        }
        ii1 ii1Var = ii1.S2;
        return fwv.o(ii1Var, n0Var instanceof q0 ? null : fwv.q(n0Var)).equals(fwv.o(ii1Var, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /**
     * Verifies the signature, and optionally the nonce, of an OCSP response.
     *
     * <p>The verification key is taken from a known certificate when the responder identifier
     * matches one (see {@link #getSignerCert}); no further check is made on that certificate
     * here. Otherwise the first certificate embedded in the response is used, after it has been
     * verified against the key of {@code e1jVar.e}, checked for validity at {@code e1jVar.b},
     * matched against the responder identifier and checked for the extended key usage
     * {@code yae.q} (presumably OCSP signing - confirm).
     *
     * <p>NOTE(review): no revocation check of an embedded responder certificate is visible here.
     *
     * @param gw1Var response to verify
     * @param e1jVar validation context (date, cert path, index, verifying certificate)
     * @param bArr expected nonce extension value, or {@code null} to skip the nonce comparison
     * @param x509Certificate explicitly supplied responder certificate, may be {@code null}
     * @param vsdVar helper used to obtain signature, digest and certificate-factory instances
     * @return {@code true} if the signature verifies and the nonce (when given) matches;
     *     {@code false} if the signature does not verify
     * @throws CertPathValidatorException if no responder certificate can be found, an embedded
     *     responder certificate is rejected, the nonce differs, or an I/O or security error
     *     occurs
     */
    public static boolean validatedOcspResponse(gw1 gw1Var, e1j e1jVar, byte[] bArr, X509Certificate x509Certificate, vsd vsdVar) throws CertPathValidatorException {
        try {
            // Certificates embedded in the response, if any.
            w0 w0Var = gw1Var.x;
            Signature createSignature = vsdVar.createSignature(getSignatureName(gw1Var.d));
            X509Certificate signerCert = getSignerCert(gw1Var, e1jVar.e, x509Certificate, vsdVar);
            if (signerCert == null && w0Var == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            g6m g6mVar = gw1Var.c;
            int i = e1jVar.d;
            CertPath certPath = e1jVar.c;
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                // Only the first embedded certificate is considered.
                X509Certificate x509Certificate2 = (X509Certificate) vsdVar.g("X.509").generateCertificate(new ByteArrayInputStream(w0Var.G(0).i().getEncoded()));
                x509Certificate2.verify(e1jVar.e.getPublicKey());
                x509Certificate2.checkValidity(new Date(e1jVar.b.getTime()));
                if (!responderMatches(g6mVar.q, x509Certificate2, vsdVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(yae.q.c.c)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i);
                }
                // initVerify(Certificate) also lets the JCA reject an X.509 certificate whose
                // critical key usage rules out digital signatures.
                createSignature.initVerify(x509Certificate2);
            }
            // The signature covers the DER encoding of the response data.
            createSignature.update(g6mVar.n("DER"));
            if (!createSignature.verify(gw1Var.q.D())) {
                // A bad signature is reported as false, not as an exception; see the caller.
                return false;
            }
            // NOTE(review): the chained dereference assumes the response carries the extension
            // identified by cei.b; if it does not, this presumably ends in a
            // NullPointerException rather than the "nonce mismatch" error - confirm.
            if (bArr != null && !Arrays.equals(bArr, g6mVar.f1920X.o(cei.b).q.c)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i);
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(vk0.C(e, new StringBuilder("OCSP response failure: ")), e, e1jVar.c, e1jVar.d);
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException("OCSP response failure: " + e3.getMessage(), e3, e1jVar.c, e1jVar.d);
        }
    }

    /**
     * Checks the revocation status of a certificate through OCSP.
     *
     * <p>A response already present in the parent's map for this certificate is used when there
     * is one or when no responder URI is known; such a response has its signature and nonce
     * verified here. Otherwise a response is fetched through {@code OcspCache}, stored in the
     * map, and not verified again in this method.
     *
     * <p>The method returns normally when the matching entry has status tag 0. It also returns
     * normally, without any status having been examined, when the signature does not verify,
     * when the response type is not {@code cei.a}, and when no entry matches the serial number
     * and certificate identifier (see the class-level note).
     *
     * @param certificate certificate to check; cast to {@link X509Certificate}
     * @throws CertPathValidatorException if the certificate is reported with a status other
     *     than tag 0, the response status is non-zero, the response is past the date in its
     *     entry, or the response cannot be obtained or processed; a
     *     {@code RecoverableCertPathValidatorException} is used when OCSP is disabled or no
     *     response is available
     */
    @Override // defpackage.d1j
    public void check(Certificate certificate) throws CertPathValidatorException {
        URI ocspResponder;
        List ocspExtensions;
        byte[] bArr;
        boolean z;
        byte[] value;
        String id;
        X509Certificate ocspResponderCert;
        X509Certificate ocspResponderCert2;
        List ocspExtensions2;
        URI ocspResponder2;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        // Decompiler artefact: the local `a` shadows the obfuscated class `a` it is initialised
        // from. As used below it is a map from certificate to encoded OCSP response, obtained
        // from the parent (presumably the responses supplied by the application - confirm).
        Map a = a.a(this.parent);
        // Responder URI precedence: parent setting, then the "ocsp.responderURL" property, then
        // the URI found in the certificate itself.
        ocspResponder = this.parent.getOcspResponder();
        if (ocspResponder == null) {
            if (this.ocspURL != null) {
                try {
                    ocspResponder = new URI(this.ocspURL);
                } catch (URISyntaxException e) {
                    String str = "configuration error: " + e.getMessage();
                    e1j e1jVar = this.parameters;
                    throw new CertPathValidatorException(str, e, e1jVar.c, e1jVar.d);
                }
            } else {
                ocspResponder = getOcspResponderURI(x509Certificate);
            }
        }
        URI uri = ocspResponder;
        if (a.get(x509Certificate) != null || uri == null) {
            // Use the supplied response. Pick up the expected nonce from the configured
            // extensions (the one whose id equals cei.b); z = false means the response still
            // has to be verified below.
            ocspExtensions = this.parent.getOcspExtensions();
            bArr = null;
            for (int i = 0; i != ocspExtensions.size(); i++) {
                Extension c = eg.c(ocspExtensions.get(i));
                value = c.getValue();
                String str2 = cei.b.c;
                id = c.getId();
                if (str2.equals(id)) {
                    bArr = value;
                }
            }
            z = false;
        } else {
            // Fetch a response. With no responder configured by property or parent, fetching
            // is allowed only when "ocsp.enable" is set.
            if (this.ocspURL == null) {
                ocspResponder2 = this.parent.getOcspResponder();
                if (ocspResponder2 == null && !this.isEnabledOCSP) {
                    e1j e1jVar2 = this.parameters;
                    throw new RecoverableCertPathValidatorException("OCSP disabled by \"ocsp.enable\" setting", null, e1jVar2.c, e1jVar2.d);
                }
            }
            sm3 createCertID = createCertID(new qw(hei.f), extractCert(), new k0(x509Certificate.getSerialNumber()));
            e1j e1jVar3 = this.parameters;
            ocspResponderCert2 = this.parent.getOcspResponderCert();
            ocspExtensions2 = this.parent.getOcspExtensions();
            try {
                // NOTE(review): z = true skips validatedOcspResponse() below, so this path
                // relies on OcspCache.getOcspResponse() having verified signature and nonce;
                // that code is not visible here - confirm.
                a.put(x509Certificate, OcspCache.getOcspResponse(createCertID, e1jVar3, uri, ocspResponderCert2, ocspExtensions2, this.helper).getEncoded());
                z = true;
                bArr = null;
            } catch (IOException e2) {
                e1j e1jVar4 = this.parameters;
                throw new CertPathValidatorException("unable to encode OCSP response", e2, e1jVar4.c, e1jVar4.d);
            }
        }
        if (a.isEmpty()) {
            e1j e1jVar5 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for any certificate", null, e1jVar5.c, e1jVar5.d);
        }
        Object obj = a.get(x509Certificate);
        eei eeiVar = obj instanceof eei ? (eei) obj : obj != null ? new eei(w0.F(obj)) : null;
        k0 k0Var = new k0(x509Certificate.getSerialNumber());
        if (eeiVar == null) {
            e1j e1jVar6 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for certificate", null, e1jVar6.c, e1jVar6.d);
        }
        // Any non-zero response status is a hard failure.
        fei feiVar = eeiVar.c;
        if (feiVar.c.E() != 0) {
            StringBuilder sb = new StringBuilder("OCSP response failed: ");
            d0 d0Var = feiVar.c;
            d0Var.getClass();
            sb.append(new BigInteger(d0Var.c));
            String sb2 = sb.toString();
            e1j e1jVar7 = this.parameters;
            throw new CertPathValidatorException(sb2, null, e1jVar7.c, e1jVar7.d);
        }
        f6m o = f6m.o(eeiVar.d);
        // NOTE(review): a response whose type is not cei.a skips the whole block and the method
        // returns normally.
        if (o.c.w(cei.a)) {
            try {
                gw1 o2 = gw1.o(o.d.c);
                if (!z) {
                    e1j e1jVar8 = this.parameters;
                    ocspResponderCert = this.parent.getOcspResponderCert();
                    // NOTE(review): a response whose signature does not verify makes this
                    // method return normally instead of throwing - confirm that the caller does
                    // not read that as "not revoked".
                    if (!validatedOcspResponse(o2, e1jVar8, bArr, ocspResponderCert, this.helper)) {
                        return;
                    }
                }
                w0 w0Var = g6m.o(o2.c).y;
                // Identifier recomputed for this certificate; cached across entries that use
                // the same algorithm identifier.
                sm3 sm3Var = null;
                for (int i2 = 0; i2 != w0Var.size(); i2++) {
                    b0 G = w0Var.G(i2);
                    yhp yhpVar = G instanceof yhp ? (yhp) G : G != null ? new yhp(w0.F(G)) : null;
                    // Only entries for this certificate's serial number are examined.
                    if (k0Var.w(yhpVar.c.x)) {
                        // Freshness: reject when the validation date is after the entry's date
                        // field x (presumably nextUpdate - confirm). An entry without that
                        // field gets no freshness check, and no other date field is examined
                        // in this loop.
                        g0 g0Var = yhpVar.x;
                        if (g0Var != null) {
                            e1j e1jVar9 = this.parameters;
                            e1jVar9.getClass();
                            if (new Date(e1jVar9.b.getTime()).after(g0Var.E())) {
                                // As decompiled, the exception carries no message or cause.
                                throw new ExtCertPathValidatorException();
                            }
                        }
                        sm3 sm3Var2 = yhpVar.c;
                        if (sm3Var == null || !sm3Var.c.equals(sm3Var2.c)) {
                            sm3Var = createCertID(sm3Var2, extractCert(), k0Var);
                        }
                        if (sm3Var.equals(sm3Var2)) {
                            tm3 tm3Var = yhpVar.d;
                            int i3 = tm3Var.c;
                            // Status tag 0 is the only accepting outcome.
                            if (i3 == 0) {
                                return;
                            }
                            // Any tag other than 0 or 1 is reported as revoked.
                            if (i3 != 1) {
                                e1j e1jVar10 = this.parameters;
                                throw new CertPathValidatorException("certificate revoked, details unknown", null, e1jVar10.c, e1jVar10.d);
                            }
                            n0 n0Var = tm3Var.d;
                            dam damVar = !(n0Var instanceof dam) ? n0Var != null ? new dam(w0.F(n0Var)) : null : (dam) n0Var;
                            String str3 = "certificate revoked, reason=(" + damVar.d + "), date=" + damVar.c.E();
                            e1j e1jVar11 = this.parameters;
                            throw new CertPathValidatorException(str3, null, e1jVar11.c, e1jVar11.d);
                        }
                    }
                }
                // NOTE(review): reaching this point means no entry matched; the method then
                // returns normally.
            } catch (CertPathValidatorException e3) {
                throw e3;
            } catch (Exception e4) {
                e1j e1jVar12 = this.parameters;
                throw new CertPathValidatorException("unable to process OCSP response", e4, e1jVar12.c, e1jVar12.d);
            }
        }
    }

    /**
     * Always returns {@code null}; this class records no soft-fail exceptions.
     *
     * @return {@code null}
     */
    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    /**
     * Always returns {@code null}.
     *
     * @return {@code null}
     */
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /**
     * Resets the checker: clears the validation context and re-reads the "ocsp.enable" and
     * "ocsp.responderURL" properties.
     *
     * @param z {@code true} to request forward checking, which is rejected
     * @throws CertPathValidatorException if forward checking is requested
     */
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        // check() reads this.parameters, so initialize() has to be called again before it.
        this.parameters = null;
        this.isEnabledOCSP = d0l.b("ocsp.enable");
        this.ocspURL = d0l.a("ocsp.responderURL");
    }

    /**
     * Stores the validation context for subsequent {@link #check(Certificate)} calls and
     * re-reads the "ocsp.enable" and "ocsp.responderURL" properties.
     *
     * @param e1jVar validation context (date, cert path, index, verifying certificate)
     */
    @Override // defpackage.d1j
    public void initialize(e1j e1jVar) {
        this.parameters = e1jVar;
        this.isEnabledOCSP = d0l.b("ocsp.enable");
        this.ocspURL = d0l.a("ocsp.responderURL");
    }

    /**
     * Reports that forward checking is not supported.
     *
     * @return {@code false}
     */
    public boolean isForwardCheckingSupported() {
        return false;
    }

    /**
     * Does nothing; the arguments are ignored.
     *
     * @param str parameter name
     * @param obj parameter value
     */
    public void setParameter(String str, Object obj) {
    }
}
