package org.bouncycastle.jce.provider;

import defpackage.AbstractC16431hnR;
import defpackage.AbstractC16439hnZ;
import defpackage.C15371hBj;
import defpackage.C15581hJd;
import defpackage.C16421hnH;
import defpackage.C16429hnP;
import defpackage.C16469hoC;
import defpackage.C16470hoD;
import defpackage.C16542hqb;
import defpackage.C16543hqc;
import defpackage.C16550hqj;
import defpackage.C16595hsa;
import defpackage.C16598hsd;
import defpackage.C16599hse;
import defpackage.C16605hsk;
import defpackage.C16611hsq;
import defpackage.C16618hsx;
import defpackage.C16620hsz;
import defpackage.InterfaceC15370hBi;
import defpackage.InterfaceC16459hnt;
import defpackage.InterfaceC16490hod;
import defpackage.InterfaceC16532hps;
import defpackage.InterfaceC16545hqe;
import defpackage.InterfaceC16557hqq;
import defpackage.hAK;
import defpackage.hAO;
import defpackage.hBW;
import defpackage.hBX;
import defpackage.hpN;
import defpackage.hpY;
import defpackage.hqE;
import defpackage.hqL;
import defpackage.hqO;
import defpackage.hrX;
import defpackage.hsF;
import defpackage.hsQ;
import defpackage.htQ;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: PG */
/* loaded from: classes7.dex */
public class ProvOcspRevocationChecker implements InterfaceC15370hBi {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final hBW helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C15371hBj parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C16429hnP("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(hqE.p, "SHA224WITHRSA");
        hashMap.put(hqE.m, "SHA256WITHRSA");
        hashMap.put(hqE.n, "SHA384WITHRSA");
        hashMap.put(hqE.o, "SHA512WITHRSA");
        hashMap.put(InterfaceC16532hps.n, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC16532hps.o, "GOST3411WITHECGOST3410");
        hashMap.put(hqO.i, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(hqO.j, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(hAK.d, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(hAK.e, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(hAK.f, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(hAK.g, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(hAK.h, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(hAK.i, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(hAO.i, "SHA1WITHCVC-ECDSA");
        hashMap.put(hAO.j, "SHA224WITHCVC-ECDSA");
        hashMap.put(hAO.k, "SHA256WITHCVC-ECDSA");
        hashMap.put(hAO.l, "SHA384WITHCVC-ECDSA");
        hashMap.put(hAO.m, "SHA512WITHCVC-ECDSA");
        hashMap.put(hpN.a, "XMSS");
        hashMap.put(hpN.b, "XMSSMT");
        hashMap.put(new C16429hnP("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C16429hnP("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C16429hnP("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(htQ.k, "SHA1WITHECDSA");
        hashMap.put(htQ.o, "SHA224WITHECDSA");
        hashMap.put(htQ.p, "SHA256WITHECDSA");
        hashMap.put(htQ.q, "SHA384WITHECDSA");
        hashMap.put(htQ.r, "SHA512WITHECDSA");
        hashMap.put(InterfaceC16557hqq.h, "SHA1WITHRSA");
        hashMap.put(InterfaceC16557hqq.g, "SHA1WITHDSA");
        hashMap.put(hpY.S, "SHA224WITHDSA");
        hashMap.put(hpY.T, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, hBW hbw) {
        this.parent = provRevocationChecker;
        this.helper = hbw;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(hsQ.b(publicKey.getEncoded()).b.n());
    }

    private C16543hqc createCertID(C16543hqc c16543hqc, C16611hsq c16611hsq, C16421hnH c16421hnH) throws CertPathValidatorException {
        return createCertID(c16543hqc.a, c16611hsq, c16421hnH);
    }

    private C16543hqc createCertID(C16599hse c16599hse, C16611hsq c16611hsq, C16421hnH c16421hnH) throws CertPathValidatorException {
        try {
            MessageDigest c = this.helper.c(hBX.a(c16599hse.a));
            return new C16543hqc(c16599hse, new C16470hoD(c.digest(c16611hsq.d().w("DER"))), new C16470hoD(c.digest(c16611hsq.f().b.n())), c16421hnH);
        } catch (Exception e) {
            throw new CertPathValidatorException("problem creating ID: ".concat(e.toString()), e);
        }
    }

    private C16611hsq extractCert() throws CertPathValidatorException {
        try {
            return C16611hsq.e(this.parameters.d.getEncoded());
        } catch (Exception e) {
            String valueOf = String.valueOf(e.getMessage());
            C15371hBj c15371hBj = this.parameters;
            throw new CertPathValidatorException("cannot process signing cert: ".concat(valueOf), e, c15371hBj.b, c15371hBj.c);
        }
    }

    private static String getDigestName(C16429hnP c16429hnP) {
        String a = hBX.a(c16429hnP);
        int indexOf = a.indexOf(45);
        if (indexOf <= 0 || a.startsWith("SHA3")) {
            return a;
        }
        return String.valueOf(a.substring(0, indexOf)).concat(String.valueOf(a.substring(indexOf + 1)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C16618hsx.s.a);
        if (extensionValue == null) {
            return null;
        }
        byte[] bArr = AbstractC16431hnR.h(extensionValue).b;
        C16598hsd[] c16598hsdArr = (bArr instanceof C16605hsk ? (C16605hsk) bArr : bArr != 0 ? new C16605hsk(AbstractC16439hnZ.l(bArr)) : null).a;
        int length = c16598hsdArr.length;
        C16598hsd[] c16598hsdArr2 = new C16598hsd[length];
        System.arraycopy(c16598hsdArr, 0, c16598hsdArr2, 0, length);
        for (int i = 0; i != length; i++) {
            C16598hsd c16598hsd = c16598hsdArr2[i];
            if (C16598hsd.a.z(c16598hsd.b)) {
                C16620hsz c16620hsz = c16598hsd.c;
                if (c16620hsz.b == 6) {
                    try {
                        return new URI(((InterfaceC16490hod) c16620hsz.a).d());
                    } catch (URISyntaxException e) {
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C16599hse c16599hse) {
        InterfaceC16459hnt interfaceC16459hnt = c16599hse.b;
        if (interfaceC16459hnt != null && !C16469hoC.b.y(interfaceC16459hnt) && c16599hse.a.z(hqE.l)) {
            return getDigestName(hqL.c(interfaceC16459hnt).e.a).concat("WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(c16599hse.a) ? (String) map.get(c16599hse.a) : c16599hse.a.a;
    }

    private static X509Certificate getSignerCert(C16542hqb c16542hqb, X509Certificate x509Certificate, X509Certificate x509Certificate2, hBW hbw) throws NoSuchProviderException, NoSuchAlgorithmException {
        C16550hqj c16550hqj = c16542hqb.a.a;
        byte[] b = c16550hqj.b();
        if (b != null) {
            MessageDigest c = hbw.c("SHA1");
            if (x509Certificate2 != null && Arrays.equals(b, calcKeyHash(c, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(b, calcKeyHash(c, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        hrX b2 = hrX.b(C16595hsa.a, c16550hqj.a());
        if (x509Certificate2 != null && b2.equals(hrX.b(C16595hsa.a, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !b2.equals(hrX.b(C16595hsa.a, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C16550hqj c16550hqj, X509Certificate x509Certificate, hBW hbw) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] b = c16550hqj.b();
        return b != null ? Arrays.equals(b, calcKeyHash(hbw.c("SHA1"), x509Certificate.getPublicKey())) : hrX.b(C16595hsa.a, c16550hqj.a()).equals(hrX.b(C16595hsa.a, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean validatedOcspResponse(C16542hqb c16542hqb, C15371hBj c15371hBj, byte[] bArr, X509Certificate x509Certificate, hBW hbw) throws CertPathValidatorException {
        try {
            AbstractC16439hnZ abstractC16439hnZ = c16542hqb.d;
            Signature d = hbw.d(getSignatureName(c16542hqb.b));
            X509Certificate signerCert = getSignerCert(c16542hqb, c15371hBj.d, x509Certificate, hbw);
            if (signerCert == null && abstractC16439hnZ == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                d.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) hbw.e("X.509").generateCertificate(new ByteArrayInputStream(abstractC16439hnZ.j(0).q().v()));
                x509Certificate2.verify(c15371hBj.d.getPublicKey());
                x509Certificate2.checkValidity(c15371hBj.a());
                if (!responderMatches(c16542hqb.a.a, x509Certificate2, hbw)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c15371hBj.b, c15371hBj.c);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(hsF.a.b.a)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c15371hBj.b, c15371hBj.c);
                }
                d.initVerify(x509Certificate2);
            }
            d.update(c16542hqb.a.w("DER"));
            if (!d.verify(c16542hqb.c.n())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c16542hqb.a.c.b(InterfaceC16545hqe.c).x.b)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c15371hBj.b, c15371hBj.c);
            }
            return true;
        } catch (IOException e) {
            String valueOf = String.valueOf(e.getMessage());
            throw new CertPathValidatorException("OCSP response failure: ".concat(valueOf), e, c15371hBj.b, c15371hBj.c);
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            String valueOf2 = String.valueOf(e3.getMessage());
            throw new CertPathValidatorException("OCSP response failure: ".concat(valueOf2), e3, c15371hBj.b, c15371hBj.c);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:52:0x016d, code lost:
    
        if (r0.a.equals(r1.a.a) != false) goto L67;
     */
    @Override // defpackage.InterfaceC15370hBi
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 547
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C15581hJd.b("ocsp.enable");
        this.ocspURL = C15581hJd.a("ocsp.responderURL");
    }

    @Override // defpackage.InterfaceC15370hBi
    public void initialize(C15371hBj c15371hBj) {
        this.parameters = c15371hBj;
        this.isEnabledOCSP = C15581hJd.b("ocsp.enable");
        this.ocspURL = C15581hJd.a("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void setParameter(String str, Object obj) {
    }
}
