package org.bouncycastle.jce.provider;

import defpackage.AbstractC0972x75a59e4;
import defpackage.AbstractC0978x7c8472d1;
import defpackage.AbstractC1252xee323a2e;
import defpackage.C0967x4a1d7445;
import defpackage.C0971x978cfc18;
import defpackage.C1029x7f163673;
import defpackage.C1144x17a81eeb;
import defpackage.C1381x16dcfcd2;
import defpackage.C1405xa8d530c2;
import defpackage.InterfaceC0959xebfdcd8f;
import defpackage.InterfaceC0983xa3304636;
import defpackage.InterfaceC1429x8e7861cb;
import defpackage.aw1;
import defpackage.bl1;
import defpackage.du;
import defpackage.fl1;
import defpackage.g22;
import defpackage.gl1;
import defpackage.hr0;
import defpackage.ht0;
import defpackage.ih;
import defpackage.kb;
import defpackage.kh;
import defpackage.lb1;
import defpackage.lf0;
import defpackage.lf2;
import defpackage.me1;
import defpackage.my2;
import defpackage.n6;
import defpackage.ns1;
import defpackage.ny2;
import defpackage.ov1;
import defpackage.p6;
import defpackage.re1;
import defpackage.s81;
import defpackage.sp;
import defpackage.sz2;
import defpackage.t;
import defpackage.t20;
import defpackage.tf;
import defpackage.x02;
import defpackage.xv0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements fl1 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final ht0 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private gl1 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C0971x978cfc18("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(bl1.f2244x6bebfdb7, "SHA224WITHRSA");
        hashMap.put(bl1.f2241x12098ea3, "SHA256WITHRSA");
        hashMap.put(bl1.f2242x9957b0cd, "SHA384WITHRSA");
        hashMap.put(bl1.f2243xf4447a3f, "SHA512WITHRSA");
        hashMap.put(tf.f28236x324474e9, "GOST3411WITHGOST3410");
        hashMap.put(tf.f28237x911714f9, "GOST3411WITHECGOST3410");
        hashMap.put(g22.f22281xd21214e5, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(g22.f22282x4b164820, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC1429x8e7861cb.f32698xb5f23d2a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1429x8e7861cb.f32699xd206d0dd, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1429x8e7861cb.f32700x1835ec39, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1429x8e7861cb.f32701x357d9dc0, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1429x8e7861cb.f32702x9fe36516, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1429x8e7861cb.f32703xfab78d4, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(du.f21285xb5f23d2a, "SHA1WITHCVC-ECDSA");
        hashMap.put(du.f21286xd206d0dd, "SHA224WITHCVC-ECDSA");
        hashMap.put(du.f21287x1835ec39, "SHA256WITHCVC-ECDSA");
        hashMap.put(du.f21288x357d9dc0, "SHA384WITHCVC-ECDSA");
        hashMap.put(du.f21289x9fe36516, "SHA512WITHCVC-ECDSA");
        hashMap.put(hr0.f23159xb5f23d2a, "XMSS");
        hashMap.put(hr0.f23160xd206d0dd, "XMSSMT");
        hashMap.put(new C0971x978cfc18("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C0971x978cfc18("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C0971x978cfc18("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(sz2.f27957x7440aa8, "SHA1WITHECDSA");
        hashMap.put(sz2.f27960x18cd571d, "SHA224WITHECDSA");
        hashMap.put(sz2.f27961x5348dd65, "SHA256WITHECDSA");
        hashMap.put(sz2.f27962xaa0d5664, "SHA384WITHECDSA");
        hashMap.put(sz2.f27963xf35ef8ed, "SHA512WITHECDSA");
        hashMap.put(re1.f27385x4b164820, "SHA1WITHRSA");
        hashMap.put(re1.f27384xd21214e5, "SHA1WITHDSA");
        hashMap.put(lb1.f24725xd2f5a265, "SHA224WITHDSA");
        hashMap.put(lb1.f24726xb9fae202, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, ht0 ht0Var) {
        this.parent = provRevocationChecker;
        this.helper = ht0Var;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(lf2.m11322xf2aebc(publicKey.getEncoded()).f24811x9235de.m15299xbb6e6047());
    }

    private n6 createCertID(n6 n6Var, p6 p6Var, C0967x4a1d7445 c0967x4a1d7445) throws CertPathValidatorException {
        return createCertID(n6Var.f25535x4a8a3d98, p6Var, c0967x4a1d7445);
    }

    private n6 createCertID(C1144x17a81eeb c1144x17a81eeb, p6 p6Var, C0967x4a1d7445 c0967x4a1d7445) throws CertPathValidatorException {
        try {
            MessageDigest mo10583xd206d0dd = this.helper.mo10583xd206d0dd(s81.m13207xb5f23d2a(c1144x17a81eeb.f31961x4a8a3d98));
            return new n6(c1144x17a81eeb, new kh(mo10583xd206d0dd.digest(p6Var.f26435x9235de.f26136x279d5878.m15347x551f074e("DER"))), new kh(mo10583xd206d0dd.digest(p6Var.f26435x9235de.f26137x768c46da.f24811x9235de.m15299xbb6e6047())), c0967x4a1d7445);
        } catch (Exception e) {
            throw new CertPathValidatorException("problem creating ID: " + e, e);
        }
    }

    private p6 extractCert() throws CertPathValidatorException {
        try {
            return p6.m12324xf2aebc(this.parameters.f22596x9fe36516.getEncoded());
        } catch (Exception e) {
            String m13288xb5f23d2a = sp.m13288xb5f23d2a(e, aw1.m1107xb5f23d2a("cannot process signing cert: "));
            gl1 gl1Var = this.parameters;
            throw new CertPathValidatorException(m13288xb5f23d2a, e, gl1Var.f22594x1835ec39, gl1Var.f22595x357d9dc0);
        }
    }

    private static String getDigestName(C0971x978cfc18 c0971x978cfc18) {
        String m13207xb5f23d2a = s81.m13207xb5f23d2a(c0971x978cfc18);
        int indexOf = m13207xb5f23d2a.indexOf(45);
        if (indexOf <= 0 || m13207xb5f23d2a.startsWith("SHA3")) {
            return m13207xb5f23d2a;
        }
        return m13207xb5f23d2a.substring(0, indexOf) + m13207xb5f23d2a.substring(indexOf + 1);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(t20.f28096x35849f23.f31550x4a8a3d98);
        if (extensionValue == null) {
            return null;
        }
        byte[] bArr = AbstractC0972x75a59e4.m15358x9957b0cd(extensionValue).f31552x4a8a3d98;
        C1029x7f163673[] c1029x7f163673Arr = (bArr instanceof C1381x16dcfcd2 ? (C1381x16dcfcd2) bArr : bArr != 0 ? new C1381x16dcfcd2(AbstractC0978x7c8472d1.m15373x9957b0cd(bArr)) : null).f32555x4a8a3d98;
        int length = c1029x7f163673Arr.length;
        C1029x7f163673[] c1029x7f163673Arr2 = new C1029x7f163673[length];
        System.arraycopy(c1029x7f163673Arr, 0, c1029x7f163673Arr2, 0, c1029x7f163673Arr.length);
        for (int i = 0; i != length; i++) {
            C1029x7f163673 c1029x7f163673 = c1029x7f163673Arr2[i];
            if (C1029x7f163673.f31645x31e4d330.m15371x3b651f72(c1029x7f163673.f31646x4a8a3d98)) {
                lf0 lf0Var = c1029x7f163673.f31647x9235de;
                if (lf0Var.f24807x9235de == 6) {
                    try {
                        return new URI(((InterfaceC0983xa3304636) lf0Var.f24806x4a8a3d98).mo199x357d9dc0());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C1144x17a81eeb c1144x17a81eeb) {
        InterfaceC0959xebfdcd8f interfaceC0959xebfdcd8f = c1144x17a81eeb.f31962x9235de;
        if (interfaceC0959xebfdcd8f != null && !ih.f23406x4a8a3d98.m15370x3b82a34b(interfaceC0959xebfdcd8f) && c1144x17a81eeb.f31961x4a8a3d98.m15371x3b651f72(bl1.f2240xbb6e6047)) {
            return AbstractC1252xee323a2e.m15774xb5f23d2a(new StringBuilder(), getDigestName(ov1.m12280xf2aebc(interfaceC0959xebfdcd8f).f26325x4a8a3d98.f31961x4a8a3d98), "WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(c1144x17a81eeb.f31961x4a8a3d98) ? (String) map.get(c1144x17a81eeb.f31961x4a8a3d98) : c1144x17a81eeb.f31961x4a8a3d98.f31550x4a8a3d98;
    }

    private static X509Certificate getSignerCert(t tVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, ht0 ht0Var) throws NoSuchProviderException, NoSuchAlgorithmException {
        InterfaceC0959xebfdcd8f interfaceC0959xebfdcd8f = tVar.f27993x4a8a3d98.f21399x31e4d330.f29927x4a8a3d98;
        boolean z = interfaceC0959xebfdcd8f instanceof AbstractC0972x75a59e4;
        byte[] bArr = z ? ((AbstractC0972x75a59e4) interfaceC0959xebfdcd8f).f31552x4a8a3d98 : null;
        if (bArr != null) {
            MessageDigest mo10583xd206d0dd = ht0Var.mo10583xd206d0dd("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, calcKeyHash(mo10583xd206d0dd, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, calcKeyHash(mo10583xd206d0dd, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            ny2 ny2Var = C1405xa8d530c2.f32638x324474e9;
            my2 m11681xf2aebc = my2.m11681xf2aebc(ny2Var, z ? null : my2.m11682x70388696(interfaceC0959xebfdcd8f));
            if (x509Certificate2 != null && m11681xf2aebc.equals(my2.m11681xf2aebc(ny2Var, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && m11681xf2aebc.equals(my2.m11681xf2aebc(ny2Var, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    private static boolean responderMatches(x02 x02Var, X509Certificate x509Certificate, ht0 ht0Var) throws NoSuchProviderException, NoSuchAlgorithmException {
        InterfaceC0959xebfdcd8f interfaceC0959xebfdcd8f = x02Var.f29927x4a8a3d98;
        boolean z = interfaceC0959xebfdcd8f instanceof AbstractC0972x75a59e4;
        byte[] bArr = z ? ((AbstractC0972x75a59e4) interfaceC0959xebfdcd8f).f31552x4a8a3d98 : null;
        if (bArr != null) {
            return Arrays.equals(bArr, calcKeyHash(ht0Var.mo10583xd206d0dd("SHA1"), x509Certificate.getPublicKey()));
        }
        ny2 ny2Var = C1405xa8d530c2.f32638x324474e9;
        return my2.m11681xf2aebc(ny2Var, z ? null : my2.m11682x70388696(interfaceC0959xebfdcd8f)).equals(my2.m11681xf2aebc(ny2Var, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(t tVar, gl1 gl1Var, byte[] bArr, X509Certificate x509Certificate, ht0 ht0Var) throws CertPathValidatorException {
        try {
            AbstractC0978x7c8472d1 abstractC0978x7c8472d1 = tVar.f27996xc2433059;
            Signature createSignature = ht0Var.createSignature(getSignatureName(tVar.f27994x9235de));
            X509Certificate signerCert = getSignerCert(tVar, gl1Var.f22596x9fe36516, x509Certificate, ht0Var);
            if (signerCert == null && abstractC0978x7c8472d1 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) ht0Var.mo10586x9fe36516("X.509").generateCertificate(new ByteArrayInputStream(abstractC0978x7c8472d1.mo11009xf4447a3f(0).mo71xd206d0dd().getEncoded()));
                x509Certificate2.verify(gl1Var.f22596x9fe36516.getPublicKey());
                x509Certificate2.checkValidity(gl1Var.m10293xb5f23d2a());
                if (!responderMatches(tVar.f27993x4a8a3d98.f21399x31e4d330, x509Certificate2, ht0Var)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, gl1Var.f22594x1835ec39, gl1Var.f22595x357d9dc0);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(xv0.f30207x9235de.f30208x4a8a3d98.f31550x4a8a3d98)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, gl1Var.f22594x1835ec39, gl1Var.f22595x357d9dc0);
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(tVar.f27993x4a8a3d98.m15347x551f074e("DER"));
            if (!createSignature.verify(tVar.f27995x31e4d330.m15299xbb6e6047())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, tVar.f27993x4a8a3d98.f21402x1c307680.m13707xf2aebc(me1.f25200xd206d0dd).f28101x31e4d330.f31552x4a8a3d98)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, gl1Var.f22594x1835ec39, gl1Var.f22595x357d9dc0);
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(kb.m11071xb5f23d2a(e, aw1.m1107xb5f23d2a("OCSP response failure: ")), e, gl1Var.f22594x1835ec39, gl1Var.f22595x357d9dc0);
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            StringBuilder m1107xb5f23d2a = aw1.m1107xb5f23d2a("OCSP response failure: ");
            m1107xb5f23d2a.append(e3.getMessage());
            throw new CertPathValidatorException(m1107xb5f23d2a.toString(), e3, gl1Var.f22594x1835ec39, gl1Var.f22595x357d9dc0);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x0170, code lost:
    
        if (r0.f25535x4a8a3d98.equals(r1.f30035x4a8a3d98.f25535x4a8a3d98) != false) goto L66;
     */
    @Override // defpackage.fl1
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 545
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = ns1.m11950xd206d0dd("ocsp.enable");
        this.ocspURL = ns1.m11949xb5f23d2a("ocsp.responderURL");
    }

    @Override // defpackage.fl1
    public void initialize(gl1 gl1Var) {
        this.parameters = gl1Var;
        this.isEnabledOCSP = ns1.m11950xd206d0dd("ocsp.enable");
        this.ocspURL = ns1.m11949xb5f23d2a("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void setParameter(String str, Object obj) {
    }
}
