package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6358;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p1211.C42078;
import p130.InterfaceC12779;
import p1406.InterfaceC46972;
import p1574.InterfaceC50662;
import p164.C13309;
import p164.InterfaceC13307;
import p1715.C52492;
import p1715.InterfaceC52494;
import p173.InterfaceC14142;
import p1775.InterfaceC53679;
import p1783.C53752;
import p1783.InterfaceC53744;
import p1787.C53902;
import p1913.C56064;
import p1913.C56065;
import p1913.C56073;
import p1913.C56080;
import p1913.C56092;
import p1913.C56096;
import p1913.C56104;
import p1913.C56125;
import p1934.C56561;
import p2031.C59701;
import p2142.InterfaceC62177;
import p2152.C62391;
import p2152.InterfaceC62390;
import p387.C19916;
import p387.C19917;
import p387.C19925;
import p387.InterfaceC19920;
import p488.C24144;
import p524.C24580;
import p545.AbstractC25679;
import p545.AbstractC25689;
import p545.C25667;
import p545.C25676;
import p545.C25749;
import p545.InterfaceC25648;
import p545.InterfaceC25700;
import p648.InterfaceC27795;
import p710.InterfaceC29515;
import p827.C31235;
import p996.InterfaceC37307;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class ProvOcspRevocationChecker implements InterfaceC62390 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC13307 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C62391 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C25676(InterfaceC14142.f52230), "SHA1WITHRSA");
        hashMap.put(InterfaceC53744.f164925, "SHA224WITHRSA");
        hashMap.put(InterfaceC53744.f164872, "SHA256WITHRSA");
        hashMap.put(InterfaceC53744.f164897, "SHA384WITHRSA");
        hashMap.put(InterfaceC53744.f164849, "SHA512WITHRSA");
        hashMap.put(InterfaceC50662.f156095, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC50662.f156096, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC27795.f87721, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC27795.f87722, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC12779.f47756, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC12779.f47757, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC12779.f47758, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC12779.f47759, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC12779.f47760, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC12779.f47761, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC53679.f164731, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC53679.f164732, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC53679.f164733, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC53679.f164734, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC53679.f164735, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC29515.f92825, "XMSS");
        hashMap.put(InterfaceC29515.f92826, "XMSSMT");
        hashMap.put(new C25676("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C25676("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C25676("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC37307.f116645, "SHA1WITHECDSA");
        hashMap.put(InterfaceC37307.f116644, "SHA224WITHECDSA");
        hashMap.put(InterfaceC37307.f116636, "SHA256WITHECDSA");
        hashMap.put(InterfaceC37307.f116639, "SHA384WITHECDSA");
        hashMap.put(InterfaceC37307.f116662, "SHA512WITHECDSA");
        hashMap.put(InterfaceC46972.f146207, "SHA1WITHRSA");
        hashMap.put(InterfaceC46972.f146206, "SHA1WITHDSA");
        hashMap.put(InterfaceC62177.f189624, "SHA224WITHDSA");
        hashMap.put(InterfaceC62177.f189625, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC13307 interfaceC13307) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC13307;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C56125.m207093(publicKey.getEncoded()).m207098().m112933());
    }

    private C19917 createCertID(C19917 c19917, C56080 c56080, C25667 c25667) throws CertPathValidatorException {
        return createCertID(c19917.m90696(), c56080, c25667);
    }

    private C19917 createCertID(C56065 c56065, C56080 c56080, C25667 c25667) throws CertPathValidatorException {
        try {
            MessageDigest mo75011 = this.helper.mo75011(C13309.m75026(c56065.m206761()));
            return new C19917(c56065, new AbstractC25679(mo75011.digest(c56080.m206831().m113042("DER"))), new AbstractC25679(mo75011.digest(c56080.m206832().m207098().m112933())), c25667);
        } catch (Exception e) {
            throw new CertPathValidatorException(C24580.m109652("problem creating ID: ", e), e);
        }
    }

    private C56080 extractCert() throws CertPathValidatorException {
        try {
            return C56080.m206823(this.parameters.m224395().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C56561.m208480(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m224392(), this.parameters.m224393());
        }
    }

    private static String getDigestName(C25676 c25676) {
        String m75026 = C13309.m75026(c25676);
        int indexOf = m75026.indexOf(45);
        if (indexOf <= 0 || m75026.startsWith("SHA3")) {
            return m75026;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m75026.substring(0, indexOf));
        return C24144.m107285(m75026, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C56092.f171615.m113055());
        if (extensionValue == null) {
            return null;
        }
        C56064[] m206799 = C56073.m206798(AbstractC25679.m113059(extensionValue).m113062()).m206799();
        for (int i = 0; i != m206799.length; i++) {
            C56064 c56064 = m206799[i];
            if (C56064.f171489.m113094(c56064.m206758())) {
                C56096 m206757 = c56064.m206757();
                if (m206757.m206933() == 6) {
                    try {
                        return new URI(((InterfaceC25700) m206757.m206935()).mo112920());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C56065 c56065) {
        InterfaceC25648 m206762 = c56065.m206762();
        if (m206762 != null && !C25749.f83358.m113093(m206762) && c56065.m206761().m113094(InterfaceC53744.f164955)) {
            return C42078.m163209(new StringBuilder(), getDigestName(C53752.m199093(m206762).m199094().m206761()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c56065.m206761());
        C25676 m206761 = c56065.m206761();
        return containsKey ? (String) map.get(m206761) : m206761.m113055();
    }

    private static X509Certificate getSignerCert(C19916 c19916, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC13307 interfaceC13307) throws NoSuchProviderException, NoSuchAlgorithmException {
        C19925 m90735 = c19916.m90693().m90735();
        byte[] m90726 = m90735.m90726();
        if (m90726 != null) {
            MessageDigest mo75011 = interfaceC13307.mo75011("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m90726, calcKeyHash(mo75011, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m90726, calcKeyHash(mo75011, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC52494 interfaceC52494 = C31235.f99204;
        C52492 m195783 = C52492.m195783(interfaceC52494, m90735.m90727());
        if (x509Certificate2 != null && m195783.equals(C52492.m195783(interfaceC52494, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m195783.equals(C52492.m195783(interfaceC52494, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C19925 c19925, X509Certificate x509Certificate, InterfaceC13307 interfaceC13307) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m90726 = c19925.m90726();
        if (m90726 != null) {
            return Arrays.equals(m90726, calcKeyHash(interfaceC13307.mo75011("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC52494 interfaceC52494 = C31235.f99204;
        return C52492.m195783(interfaceC52494, c19925.m90727()).equals(C52492.m195783(interfaceC52494, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C19916 c19916, C62391 c62391, byte[] bArr, X509Certificate x509Certificate, InterfaceC13307 interfaceC13307) throws CertPathValidatorException {
        try {
            AbstractC25689 m90690 = c19916.m90690();
            Signature createSignature = interfaceC13307.createSignature(getSignatureName(c19916.m90692()));
            X509Certificate signerCert = getSignerCert(c19916, c62391.m224395(), x509Certificate, interfaceC13307);
            if (signerCert == null && m90690 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC13307.mo75015("X.509").generateCertificate(new ByteArrayInputStream(m90690.mo113115(0).mo41807().getEncoded()));
                x509Certificate2.verify(c62391.m224395().getPublicKey());
                x509Certificate2.checkValidity(c62391.m224396());
                if (!responderMatches(c19916.m90693().m90735(), x509Certificate2, interfaceC13307)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c62391.m224392(), c62391.m224393());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C56104.f171671.m206979())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c62391.m224392(), c62391.m224393());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c19916.m90693().m113042("DER"));
            if (!createSignature.verify(c19916.m90691().m112933())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c19916.m90693().m90736().m206910(InterfaceC19920.f68252).m206901().m113062())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c62391.m224392(), c62391.m224393());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C59701.m216829(e, new StringBuilder("OCSP response failure: ")), e, c62391.m224392(), c62391.m224393());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6358.m34152(e3, new StringBuilder("OCSP response failure: ")), e3, c62391.m224392(), c62391.m224393());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a9, code lost:
    
        if (r0.m90696().equals(r1.m90753().m90696()) != false) goto L71;
     */
    @Override // p2152.InterfaceC62390
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 663
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C53902.m199757("ocsp.enable");
        this.ocspURL = C53902.m199755("ocsp.responderURL");
    }

    @Override // p2152.InterfaceC62390
    public void initialize(C62391 c62391) {
        this.parameters = c62391;
        this.isEnabledOCSP = C53902.m199757("ocsp.enable");
        this.ocspURL = C53902.m199755("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p2152.InterfaceC62390
    public void setParameter(String str, Object obj) {
    }
}
