package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6198;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p1004.InterfaceC32280;
import p114.C9514;
import p114.C9515;
import p114.C9523;
import p114.InterfaceC9518;
import p1204.C37708;
import p143.C10035;
import p143.C10036;
import p143.C10044;
import p143.C10051;
import p143.C10063;
import p143.C10067;
import p143.C10075;
import p143.C10096;
import p1450.InterfaceC42335;
import p1460.InterfaceC42677;
import p1568.InterfaceC46914;
import p1579.C47003;
import p1579.InterfaceC47002;
import p1598.C47275;
import p1625.InterfaceC50392;
import p1670.C50991;
import p1751.C52486;
import p1907.InterfaceC56413;
import p2156.AbstractC62334;
import p2156.AbstractC62344;
import p2156.C62322;
import p2156.C62331;
import p2156.C62404;
import p2156.InterfaceC62303;
import p2156.InterfaceC62355;
import p308.InterfaceC13719;
import p485.C19124;
import p485.InterfaceC19126;
import p537.C20367;
import p537.InterfaceC20365;
import p574.C21747;
import p574.InterfaceC21739;
import p579.C21862;
import p607.C22495;
import p678.InterfaceC24096;
import p753.InterfaceC25317;
import p925.C29726;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes8.dex */
public class ProvOcspRevocationChecker implements InterfaceC47002 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC20365 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C47003 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C62331(InterfaceC13719.f57937), "SHA1WITHRSA");
        hashMap.put(InterfaceC21739.f78190, "SHA224WITHRSA");
        hashMap.put(InterfaceC21739.f78133, "SHA256WITHRSA");
        hashMap.put(InterfaceC21739.f78125, "SHA384WITHRSA");
        hashMap.put(InterfaceC21739.f78248, "SHA512WITHRSA");
        hashMap.put(InterfaceC42677.f133680, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC42677.f133681, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC42335.f132409, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC42335.f132410, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC46914.f147013, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46914.f147014, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46914.f147015, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46914.f147016, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46914.f147017, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46914.f147018, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC32280.f102983, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC32280.f102984, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC32280.f102985, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC32280.f102986, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC32280.f102987, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC50392.f155409, "XMSS");
        hashMap.put(InterfaceC50392.f155410, "XMSSMT");
        hashMap.put(new C62331("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C62331("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C62331("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC25317.f87578, "SHA1WITHECDSA");
        hashMap.put(InterfaceC25317.f87560, "SHA224WITHECDSA");
        hashMap.put(InterfaceC25317.f87607, "SHA256WITHECDSA");
        hashMap.put(InterfaceC25317.f87562, "SHA384WITHECDSA");
        hashMap.put(InterfaceC25317.f87570, "SHA512WITHECDSA");
        hashMap.put(InterfaceC56413.f175799, "SHA1WITHRSA");
        hashMap.put(InterfaceC56413.f175798, "SHA1WITHDSA");
        hashMap.put(InterfaceC24096.f83824, "SHA224WITHDSA");
        hashMap.put(InterfaceC24096.f83825, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC20365 interfaceC20365) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC20365;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C10096.m45819(publicKey.getEncoded()).m45824().m223874());
    }

    private C9515 createCertID(C9515 c9515, C10051 c10051, C62322 c62322) throws CertPathValidatorException {
        return createCertID(c9515.m41534(), c10051, c62322);
    }

    private C9515 createCertID(C10036 c10036, C10051 c10051, C62322 c62322) throws CertPathValidatorException {
        try {
            MessageDigest mo96927 = this.helper.mo96927(C20367.m96942(c10036.m45487()));
            return new C9515(c10036, new AbstractC62334(mo96927.digest(c10051.m45557().m223983("DER"))), new AbstractC62334(mo96927.digest(c10051.m45558().m45824().m223874())), c62322);
        } catch (Exception e) {
            throw new CertPathValidatorException(C50991.m190147("problem creating ID: ", e), e);
        }
    }

    private C10051 extractCert() throws CertPathValidatorException {
        try {
            return C10051.m45549(this.parameters.m175630().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C21862.m100009(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m175627(), this.parameters.m175628());
        }
    }

    private static String getDigestName(C62331 c62331) {
        String m96942 = C20367.m96942(c62331);
        int indexOf = m96942.indexOf(45);
        if (indexOf <= 0 || m96942.startsWith("SHA3")) {
            return m96942;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m96942.substring(0, indexOf));
        return C47275.m176215(m96942, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C10063.f44879.m223996());
        if (extensionValue == null) {
            return null;
        }
        C10035[] m45525 = C10044.m45524(AbstractC62334.m224000(extensionValue).m224003()).m45525();
        for (int i = 0; i != m45525.length; i++) {
            C10035 c10035 = m45525[i];
            if (C10035.f44753.m224035(c10035.m45484())) {
                C10067 m45483 = c10035.m45483();
                if (m45483.m45659() == 6) {
                    try {
                        return new URI(((InterfaceC62355) m45483.m45661()).mo93517());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C10036 c10036) {
        InterfaceC62303 m45488 = c10036.m45488();
        if (m45488 != null && !C62404.f191322.m224034(m45488) && c10036.m45487().m224035(InterfaceC21739.f78154)) {
            return C37708.m147349(new StringBuilder(), getDigestName(C21747.m99654(m45488).m99655().m45487()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c10036.m45487());
        C62331 m45487 = c10036.m45487();
        return containsKey ? (String) map.get(m45487) : m45487.m223996();
    }

    private static X509Certificate getSignerCert(C9514 c9514, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC20365 interfaceC20365) throws NoSuchProviderException, NoSuchAlgorithmException {
        C9523 m41573 = c9514.m41531().m41573();
        byte[] m41564 = m41573.m41564();
        if (m41564 != null) {
            MessageDigest mo96927 = interfaceC20365.mo96927("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m41564, calcKeyHash(mo96927, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m41564, calcKeyHash(mo96927, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC19126 interfaceC19126 = C22495.f79801;
        C19124 m93527 = C19124.m93527(interfaceC19126, m41573.m41565());
        if (x509Certificate2 != null && m93527.equals(C19124.m93527(interfaceC19126, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m93527.equals(C19124.m93527(interfaceC19126, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C9523 c9523, X509Certificate x509Certificate, InterfaceC20365 interfaceC20365) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m41564 = c9523.m41564();
        if (m41564 != null) {
            return Arrays.equals(m41564, calcKeyHash(interfaceC20365.mo96927("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC19126 interfaceC19126 = C22495.f79801;
        return C19124.m93527(interfaceC19126, c9523.m41565()).equals(C19124.m93527(interfaceC19126, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C9514 c9514, C47003 c47003, byte[] bArr, X509Certificate x509Certificate, InterfaceC20365 interfaceC20365) throws CertPathValidatorException {
        try {
            AbstractC62344 m41528 = c9514.m41528();
            Signature createSignature = interfaceC20365.createSignature(getSignatureName(c9514.m41530()));
            X509Certificate signerCert = getSignerCert(c9514, c47003.m175630(), x509Certificate, interfaceC20365);
            if (signerCert == null && m41528 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC20365.mo96931("X.509").generateCertificate(new ByteArrayInputStream(m41528.mo224056(0).mo35724().getEncoded()));
                x509Certificate2.verify(c47003.m175630().getPublicKey());
                x509Certificate2.checkValidity(c47003.m175631());
                if (!responderMatches(c9514.m41531().m41573(), x509Certificate2, interfaceC20365)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c47003.m175627(), c47003.m175628());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C10075.f44935.m45705())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c47003.m175627(), c47003.m175628());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c9514.m41531().m223983("DER"));
            if (!createSignature.verify(c9514.m41529().m223874())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c9514.m41531().m41574().m45636(InterfaceC9518.f43634).m45627().m224003())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c47003.m175627(), c47003.m175628());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C29726.m124604(e, new StringBuilder("OCSP response failure: ")), e, c47003.m175627(), c47003.m175628());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6198.m31174(e3, new StringBuilder("OCSP response failure: ")), e3, c47003.m175627(), c47003.m175628());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m41534().equals(r1.m41591().m41534()) != false) goto L71;
     */
    @Override // p1579.InterfaceC47002
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C52486.m195048("ocsp.enable");
        this.ocspURL = C52486.m195046("ocsp.responderURL");
    }

    @Override // p1579.InterfaceC47002
    public void initialize(C47003 c47003) {
        this.parameters = c47003;
        this.isEnabledOCSP = C52486.m195048("ocsp.enable");
        this.ocspURL = C52486.m195046("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p1579.InterfaceC47002
    public void setParameter(String str, Object obj) {
    }
}
