package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6328;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p091.C9419;
import p1053.C33156;
import p116.InterfaceC9793;
import p1205.C35645;
import p1409.C40340;
import p145.C12190;
import p145.C12191;
import p145.C12199;
import p145.InterfaceC12194;
import p149.AbstractC12261;
import p149.AbstractC12271;
import p149.C12249;
import p149.C12258;
import p149.C12331;
import p149.InterfaceC12230;
import p149.InterfaceC12282;
import p1682.InterfaceC46874;
import p1725.C48540;
import p1725.InterfaceC48542;
import p174.InterfaceC13084;
import p1747.C49012;
import p1887.InterfaceC51137;
import p1890.InterfaceC51222;
import p1902.C51361;
import p2106.C59929;
import p2106.InterfaceC59921;
import p472.C19399;
import p472.C19400;
import p472.C19408;
import p472.C19415;
import p472.C19427;
import p472.C19431;
import p472.C19439;
import p472.C19460;
import p531.C20274;
import p537.InterfaceC20401;
import p549.InterfaceC20735;
import p674.InterfaceC23419;
import p749.C24798;
import p749.InterfaceC24796;
import p752.InterfaceC24884;
import p920.C30422;
import p920.InterfaceC30421;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements InterfaceC30421 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC24796 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C30422 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C12258(InterfaceC13084.f50813), "SHA1WITHRSA");
        hashMap.put(InterfaceC59921.f187010, "SHA224WITHRSA");
        hashMap.put(InterfaceC59921.f187059, "SHA256WITHRSA");
        hashMap.put(InterfaceC59921.f187035, "SHA384WITHRSA");
        hashMap.put(InterfaceC59921.f187070, "SHA512WITHRSA");
        hashMap.put(InterfaceC23419.f82949, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC23419.f82950, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC24884.f88186, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC24884.f88187, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC20401.f76284, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20401.f76285, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20401.f76286, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20401.f76287, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20401.f76288, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20401.f76289, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC51222.f163680, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC51222.f163681, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC51222.f163682, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC51222.f163683, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC51222.f163684, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC9793.f44818, "XMSS");
        hashMap.put(InterfaceC9793.f44819, "XMSSMT");
        hashMap.put(new C12258("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C12258("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C12258("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC46874.f150575, "SHA1WITHECDSA");
        hashMap.put(InterfaceC46874.f150593, "SHA224WITHECDSA");
        hashMap.put(InterfaceC46874.f150578, "SHA256WITHECDSA");
        hashMap.put(InterfaceC46874.f150590, "SHA384WITHECDSA");
        hashMap.put(InterfaceC46874.f150551, "SHA512WITHECDSA");
        hashMap.put(InterfaceC20735.f76966, "SHA1WITHRSA");
        hashMap.put(InterfaceC20735.f76965, "SHA1WITHDSA");
        hashMap.put(InterfaceC51137.f163355, "SHA224WITHDSA");
        hashMap.put(InterfaceC51137.f163356, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC24796 interfaceC24796) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC24796;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C19460.m92218(publicKey.getEncoded()).m92223().m69757());
    }

    private C12191 createCertID(C12191 c12191, C19415 c19415, C12249 c12249) throws CertPathValidatorException {
        return createCertID(c12191.m69597(), c19415, c12249);
    }

    private C12191 createCertID(C19400 c19400, C19415 c19415, C12249 c12249) throws CertPathValidatorException {
        try {
            MessageDigest mo115011 = this.helper.mo115011(C24798.m115026(c19400.m91886()));
            return new C12191(c19400, new AbstractC12261(mo115011.digest(c19415.m91956().m69866("DER"))), new AbstractC12261(mo115011.digest(c19415.m91957().m92223().m69757())), c12249);
        } catch (Exception e) {
            throw new CertPathValidatorException(C49012.m182776("problem creating ID: ", e), e);
        }
    }

    private C19415 extractCert() throws CertPathValidatorException {
        try {
            return C19415.m91948(this.parameters.m129815().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C9419.m40837(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m129812(), this.parameters.m129813());
        }
    }

    private static String getDigestName(C12258 c12258) {
        String m115026 = C24798.m115026(c12258);
        int indexOf = m115026.indexOf(45);
        if (indexOf <= 0 || m115026.startsWith("SHA3")) {
            return m115026;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m115026.substring(0, indexOf));
        return C20274.m95392(m115026, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C19427.f73145.m69879());
        if (extensionValue == null) {
            return null;
        }
        C19399[] m91924 = C19408.m91923(AbstractC12261.m69883(extensionValue).m69886()).m91924();
        for (int i2 = 0; i2 != m91924.length; i2++) {
            C19399 c19399 = m91924[i2];
            if (C19399.f73019.m69918(c19399.m91883())) {
                C19431 m91882 = c19399.m91882();
                if (m91882.m92058() == 6) {
                    try {
                        return new URI(((InterfaceC12282) m91882.m92060()).mo69744());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C19400 c19400) {
        InterfaceC12230 m91887 = c19400.m91887();
        if (m91887 != null && !C12331.f47099.m69917(m91887) && c19400.m91886().m69918(InterfaceC59921.f186983)) {
            return C35645.m143623(new StringBuilder(), getDigestName(C59929.m216191(m91887).m216192().m91886()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c19400.m91886());
        C12258 m91886 = c19400.m91886();
        return containsKey ? (String) map.get(m91886) : m91886.m69879();
    }

    private static X509Certificate getSignerCert(C12190 c12190, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC24796 interfaceC24796) throws NoSuchProviderException, NoSuchAlgorithmException {
        C12199 m69636 = c12190.m69594().m69636();
        byte[] m69627 = m69636.m69627();
        if (m69627 != null) {
            MessageDigest mo115011 = interfaceC24796.mo115011("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m69627, calcKeyHash(mo115011, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m69627, calcKeyHash(mo115011, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC48542 interfaceC48542 = C40340.f132385;
        C48540 m181205 = C48540.m181205(interfaceC48542, m69636.m69628());
        if (x509Certificate2 != null && m181205.equals(C48540.m181205(interfaceC48542, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m181205.equals(C48540.m181205(interfaceC48542, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C12199 c12199, X509Certificate x509Certificate, InterfaceC24796 interfaceC24796) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m69627 = c12199.m69627();
        if (m69627 != null) {
            return Arrays.equals(m69627, calcKeyHash(interfaceC24796.mo115011("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC48542 interfaceC48542 = C40340.f132385;
        return C48540.m181205(interfaceC48542, c12199.m69628()).equals(C48540.m181205(interfaceC48542, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C12190 c12190, C30422 c30422, byte[] bArr, X509Certificate x509Certificate, InterfaceC24796 interfaceC24796) throws CertPathValidatorException {
        try {
            AbstractC12271 m69591 = c12190.m69591();
            Signature createSignature = interfaceC24796.createSignature(getSignatureName(c12190.m69593()));
            X509Certificate signerCert = getSignerCert(c12190, c30422.m129815(), x509Certificate, interfaceC24796);
            if (signerCert == null && m69591 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC24796.mo115015("X.509").generateCertificate(new ByteArrayInputStream(m69591.mo69939(0).mo35856().getEncoded()));
                x509Certificate2.verify(c30422.m129815().getPublicKey());
                x509Certificate2.checkValidity(c30422.m129816());
                if (!responderMatches(c12190.m69594().m69636(), x509Certificate2, interfaceC24796)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c30422.m129812(), c30422.m129813());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C19439.f73223.m92104())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c30422.m129812(), c30422.m129813());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c12190.m69594().m69866("DER"));
            if (!createSignature.verify(c12190.m69592().m69757())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c12190.m69594().m69637().m92035(InterfaceC12194.f46769).m92026().m69886())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c30422.m129812(), c30422.m129813());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C51361.m190361(e, new StringBuilder("OCSP response failure: ")), e, c30422.m129812(), c30422.m129813());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6328.m29613(e3, new StringBuilder("OCSP response failure: ")), e3, c30422.m129812(), c30422.m129813());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m69597().equals(r1.m69654().m69597()) != false) goto L71;
     */
    @Override // p920.InterfaceC30421
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C33156.m136510("ocsp.enable");
        this.ocspURL = C33156.m136508("ocsp.responderURL");
    }

    @Override // p920.InterfaceC30421
    public void initialize(C30422 c30422) {
        this.parameters = c30422;
        this.isEnabledOCSP = C33156.m136510("ocsp.enable");
        this.ocspURL = C33156.m136508("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p920.InterfaceC30421
    public void setParameter(String str, Object obj) {
    }
}
