package org.bouncycastle.jce.provider;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import o.a.a.c3.c0;
import o.a.a.c3.h;
import o.a.a.c3.m0;
import o.a.a.c3.u;
import o.a.a.c3.w;
import o.a.a.d3.m;
import o.a.a.e;
import o.a.a.g2.a;
import o.a.a.k;
import o.a.a.s;
import o.a.a.u2.i;
import o.a.a.v0;
import o.a.a.v2.b;
import o.a.a.x0;
import o.a.a.y;
import o.a.c.n;
import o.a.c.o;
import o.a.c.w.c;
import o.a.c.w.d;
import o.a.g.g;

/* loaded from: classes2.dex */
public class ProvOcspRevocationChecker implements n {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final c helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private o parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new o.a.a.n("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(o.a.a.w2.n.v0, "SHA224WITHRSA");
        hashMap.put(o.a.a.w2.n.s0, "SHA256WITHRSA");
        hashMap.put(o.a.a.w2.n.t0, "SHA384WITHRSA");
        hashMap.put(o.a.a.w2.n.u0, "SHA512WITHRSA");
        hashMap.put(a.f22907n, "GOST3411WITHGOST3410");
        hashMap.put(a.f22908o, "GOST3411WITHECGOST3410");
        hashMap.put(o.a.a.x2.a.f23242i, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(o.a.a.x2.a.f23243j, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(o.a.a.d2.a.f22815d, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(o.a.a.d2.a.f22816e, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(o.a.a.d2.a.f22817f, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(o.a.a.d2.a.f22818g, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(o.a.a.d2.a.f22819h, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(o.a.a.d2.a.f22820i, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(o.a.a.h2.a.f22940i, "SHA1WITHCVC-ECDSA");
        hashMap.put(o.a.a.h2.a.f22941j, "SHA224WITHCVC-ECDSA");
        hashMap.put(o.a.a.h2.a.f22942k, "SHA256WITHCVC-ECDSA");
        hashMap.put(o.a.a.h2.a.f22943l, "SHA384WITHCVC-ECDSA");
        hashMap.put(o.a.a.h2.a.f22944m, "SHA512WITHCVC-ECDSA");
        hashMap.put(o.a.a.m2.a.a, "XMSS");
        hashMap.put(o.a.a.m2.a.f23006b, "XMSSMT");
        hashMap.put(new o.a.a.n("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new o.a.a.n("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new o.a.a.n("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(m.Z1, "SHA1WITHECDSA");
        hashMap.put(m.e2, "SHA224WITHECDSA");
        hashMap.put(m.f2, "SHA256WITHECDSA");
        hashMap.put(m.g2, "SHA384WITHECDSA");
        hashMap.put(m.h2, "SHA512WITHECDSA");
        hashMap.put(b.f23151h, "SHA1WITHRSA");
        hashMap.put(b.f23150g, "SHA1WITHDSA");
        hashMap.put(o.a.a.r2.b.S, "SHA224WITHDSA");
        hashMap.put(o.a.a.r2.b.T, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, c cVar) {
        this.parent = provRevocationChecker;
        this.helper = cVar;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(m0.o(publicKey.getEncoded()).f22711c.F());
    }

    private o.a.a.u2.b createCertID(o.a.a.c3.b bVar, o.a.a.c3.n nVar, k kVar) throws CertPathValidatorException {
        try {
            MessageDigest b2 = this.helper.b(d.a(bVar.f22644b));
            return new o.a.a.u2.b(bVar, new x0(b2.digest(nVar.f22713c.f22737k.n("DER"))), new x0(b2.digest(nVar.f22713c.f22738l.f22711c.F())), kVar);
        } catch (Exception e2) {
            throw new CertPathValidatorException("problem creating ID: " + e2, e2);
        }
    }

    private o.a.a.u2.b createCertID(o.a.a.u2.b bVar, o.a.a.c3.n nVar, k kVar) throws CertPathValidatorException {
        return createCertID(bVar.f23105b, nVar, kVar);
    }

    private o.a.a.c3.n extractCert() throws CertPathValidatorException {
        try {
            return o.a.a.c3.n.o(this.parameters.f24477e.getEncoded());
        } catch (Exception e2) {
            String Y0 = b.d.b.a.a.Y0(e2, b.d.b.a.a.L1("cannot process signing cert: "));
            o oVar = this.parameters;
            throw new CertPathValidatorException(Y0, e2, oVar.f24475c, oVar.f24476d);
        }
    }

    private static String getDigestName(o.a.a.n nVar) {
        String a = d.a(nVar);
        int indexOf = a.indexOf(45);
        if (indexOf <= 0 || a.startsWith("SHA3")) {
            return a;
        }
        return a.substring(0, indexOf) + a.substring(indexOf + 1);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(u.v.f23008c);
        if (extensionValue == null) {
            return null;
        }
        byte[] bArr = o.a.a.o.F(extensionValue).f23015b;
        o.a.a.c3.a[] aVarArr = (bArr instanceof h ? (h) bArr : bArr != 0 ? new h(s.F(bArr)) : null).f22683b;
        int length = aVarArr.length;
        o.a.a.c3.a[] aVarArr2 = new o.a.a.c3.a[length];
        System.arraycopy(aVarArr, 0, aVarArr2, 0, aVarArr.length);
        for (int i2 = 0; i2 != length; i2++) {
            o.a.a.c3.a aVar = aVarArr2[i2];
            if (o.a.a.c3.a.f22638b.y(aVar.f22639c)) {
                w wVar = aVar.f22640d;
                if (wVar.f22785c == 6) {
                    try {
                        return new URI(((y) wVar.f22784b).getString());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(o.a.a.c3.b bVar) {
        e eVar = bVar.f22645c;
        if (eVar != null && !v0.f23141b.w(eVar) && bVar.f22644b.y(o.a.a.w2.n.r0)) {
            return b.d.b.a.a.y1(new StringBuilder(), getDigestName(o.a.a.w2.u.o(eVar).f23219h.f22644b), "WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(bVar.f22644b) ? (String) map.get(bVar.f22644b) : bVar.f22644b.f23008c;
    }

    private static X509Certificate getSignerCert(o.a.a.u2.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, c cVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        e eVar = aVar.f23101b.f23124g.f23118b;
        boolean z = eVar instanceof o.a.a.o;
        byte[] bArr = z ? ((o.a.a.o) eVar).f23015b : null;
        if (bArr != null) {
            MessageDigest b2 = cVar.b("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, calcKeyHash(b2, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, calcKeyHash(b2, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            o.a.a.b3.d dVar = o.a.a.b3.e.b.Q;
            o.a.a.b3.c u = o.a.a.b3.c.u(dVar, z ? null : o.a.a.b3.c.o(eVar));
            if (x509Certificate2 != null && u.equals(o.a.a.b3.c.u(dVar, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && u.equals(o.a.a.b3.c.u(dVar, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    private static boolean responderMatches(i iVar, X509Certificate x509Certificate, c cVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        e eVar = iVar.f23118b;
        boolean z = eVar instanceof o.a.a.o;
        byte[] bArr = z ? ((o.a.a.o) eVar).f23015b : null;
        if (bArr != null) {
            return Arrays.equals(bArr, calcKeyHash(cVar.b("SHA1"), x509Certificate.getPublicKey()));
        }
        o.a.a.b3.d dVar = o.a.a.b3.e.b.Q;
        return o.a.a.b3.c.u(dVar, z ? null : o.a.a.b3.c.o(eVar)).equals(o.a.a.b3.c.u(dVar, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(o.a.a.u2.a aVar, o oVar, byte[] bArr, X509Certificate x509Certificate, c cVar) throws CertPathValidatorException {
        try {
            s sVar = aVar.f23104g;
            Signature createSignature = cVar.createSignature(getSignatureName(aVar.f23102c));
            X509Certificate signerCert = getSignerCert(aVar, oVar.f24477e, x509Certificate, cVar);
            if (signerCert == null && sVar == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) cVar.e("X.509").generateCertificate(new ByteArrayInputStream(sVar.H(0).f().getEncoded()));
                x509Certificate2.verify(oVar.f24477e.getPublicKey());
                x509Certificate2.checkValidity(oVar.a());
                if (!responderMatches(aVar.f23101b.f23124g, x509Certificate2, cVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, oVar.f24475c, oVar.f24476d);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(c0.f22656c.f22657d.f23008c)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, oVar.f24475c, oVar.f24476d);
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(aVar.f23101b.n("DER"));
            if (!createSignature.verify(aVar.f23103d.F())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, aVar.f23101b.f23127j.o(o.a.a.u2.d.f23112c).A.f23015b)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, oVar.f24475c, oVar.f24476d);
            }
            return true;
        } catch (IOException e2) {
            throw new CertPathValidatorException(b.d.b.a.a.W0(e2, b.d.b.a.a.L1("OCSP response failure: ")), e2, oVar.f24475c, oVar.f24476d);
        } catch (CertPathValidatorException e3) {
            throw e3;
        } catch (GeneralSecurityException e4) {
            StringBuilder L1 = b.d.b.a.a.L1("OCSP response failure: ");
            L1.append(e4.getMessage());
            throw new CertPathValidatorException(L1.toString(), e4, oVar.f24475c, oVar.f24476d);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x0170, code lost:
    
        if (r0.f23105b.equals(r1.f23130b.f23105b) != false) goto L66;
     */
    @Override // o.a.c.n
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 545
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = g.b("ocsp.enable");
        this.ocspURL = g.a("ocsp.responderURL");
    }

    @Override // o.a.c.n
    public void initialize(o oVar) {
        this.parameters = oVar;
        this.isEnabledOCSP = g.b("ocsp.enable");
        this.ocspURL = g.a("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void setParameter(String str, Object obj) {
    }
}
