package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6350;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p1030.C34709;
import p1100.C36525;
import p1125.C36924;
import p1206.C38230;
import p1269.C39713;
import p1437.InterfaceC43144;
import p1445.InterfaceC43286;
import p1632.C47220;
import p1632.InterfaceC47219;
import p1750.C49602;
import p1750.InterfaceC49594;
import p1780.C49867;
import p1780.InterfaceC49869;
import p1859.InterfaceC51070;
import p2144.AbstractC63309;
import p2144.AbstractC63319;
import p2144.C63297;
import p2144.C63306;
import p2144.C63379;
import p2144.InterfaceC63278;
import p2144.InterfaceC63330;
import p297.C14448;
import p305.C14519;
import p370.InterfaceC16537;
import p388.InterfaceC17105;
import p648.C22772;
import p648.C22773;
import p648.C22781;
import p648.InterfaceC22776;
import p677.InterfaceC23224;
import p719.InterfaceC25508;
import p804.InterfaceC27731;
import p827.C27953;
import p827.InterfaceC27951;
import p920.InterfaceC30092;
import p994.C33755;
import p994.C33756;
import p994.C33764;
import p994.C33771;
import p994.C33783;
import p994.C33787;
import p994.C33795;
import p994.C33816;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class ProvOcspRevocationChecker implements InterfaceC47219 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC27951 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C47220 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C63306(InterfaceC25508.f92237), "SHA1WITHRSA");
        hashMap.put(InterfaceC49594.f161482, "SHA224WITHRSA");
        hashMap.put(InterfaceC49594.f161506, "SHA256WITHRSA");
        hashMap.put(InterfaceC49594.f161539, "SHA384WITHRSA");
        hashMap.put(InterfaceC49594.f161627, "SHA512WITHRSA");
        hashMap.put(InterfaceC23224.f84320, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC23224.f84321, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC43144.f143081, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC43144.f143082, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC30092.f106073, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC30092.f106074, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC30092.f106075, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC30092.f106076, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC30092.f106077, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC30092.f106078, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC51070.f165678, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC51070.f165679, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC51070.f165680, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC51070.f165681, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC51070.f165682, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC16537.f64223, "XMSS");
        hashMap.put(InterfaceC16537.f64224, "XMSSMT");
        hashMap.put(new C63306("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C63306("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C63306("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC43286.f143435, "SHA1WITHECDSA");
        hashMap.put(InterfaceC43286.f143468, "SHA224WITHECDSA");
        hashMap.put(InterfaceC43286.f143437, "SHA256WITHECDSA");
        hashMap.put(InterfaceC43286.f143452, "SHA384WITHECDSA");
        hashMap.put(InterfaceC43286.f143433, "SHA512WITHECDSA");
        hashMap.put(InterfaceC27731.f100349, "SHA1WITHRSA");
        hashMap.put(InterfaceC27731.f100348, "SHA1WITHDSA");
        hashMap.put(InterfaceC17105.f67073, "SHA224WITHDSA");
        hashMap.put(InterfaceC17105.f67074, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC27951 interfaceC27951) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC27951;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C33816.m119375(publicKey.getEncoded()).m119380().m225892());
    }

    private C22773 createCertID(C22773 c22773, C33771 c33771, C63297 c63297) throws CertPathValidatorException {
        return createCertID(c22773.m85900(), c33771, c63297);
    }

    private C22773 createCertID(C33756 c33756, C33771 c33771, C63297 c63297) throws CertPathValidatorException {
        try {
            MessageDigest mo99751 = this.helper.mo99751(C27953.m99766(c33756.m119043()));
            return new C22773(c33756, new AbstractC63309(mo99751.digest(c33771.m119113().m226001("DER"))), new AbstractC63309(mo99751.digest(c33771.m119114().m119380().m225892())), c63297);
        } catch (Exception e) {
            throw new CertPathValidatorException(C39713.m141160("problem creating ID: ", e), e);
        }
    }

    private C33771 extractCert() throws CertPathValidatorException {
        try {
            return C33771.m119105(this.parameters.m164996().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C36525.m126945(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m164993(), this.parameters.m164994());
        }
    }

    private static String getDigestName(C63306 c63306) {
        String m99766 = C27953.m99766(c63306);
        int indexOf = m99766.indexOf(45);
        if (indexOf <= 0 || m99766.startsWith("SHA3")) {
            return m99766;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m99766.substring(0, indexOf));
        return C34709.m121974(m99766, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C33783.f115435.m226014());
        if (extensionValue == null) {
            return null;
        }
        C33755[] m119081 = C33764.m119080(AbstractC63309.m226018(extensionValue).m226021()).m119081();
        for (int i = 0; i != m119081.length; i++) {
            C33755 c33755 = m119081[i];
            if (C33755.f115309.m226053(c33755.m119040())) {
                C33787 m119039 = c33755.m119039();
                if (m119039.m119215() == 6) {
                    try {
                        return new URI(((InterfaceC63330) m119039.m119217()).mo173053());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C33756 c33756) {
        InterfaceC63278 m119044 = c33756.m119044();
        if (m119044 != null && !C63379.f192444.m226052(m119044) && c33756.m119043().m226053(InterfaceC49594.f161513)) {
            return C38230.m134959(new StringBuilder(), getDigestName(C49602.m172212(m119044).m172213().m119043()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c33756.m119043());
        C63306 m119043 = c33756.m119043();
        return containsKey ? (String) map.get(m119043) : m119043.m226014();
    }

    private static X509Certificate getSignerCert(C22772 c22772, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC27951 interfaceC27951) throws NoSuchProviderException, NoSuchAlgorithmException {
        C22781 m85939 = c22772.m85897().m85939();
        byte[] m85930 = m85939.m85930();
        if (m85930 != null) {
            MessageDigest mo99751 = interfaceC27951.mo99751("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m85930, calcKeyHash(mo99751, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m85930, calcKeyHash(mo99751, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC49869 interfaceC49869 = C36924.f123478;
        C49867 m173063 = C49867.m173063(interfaceC49869, m85939.m85931());
        if (x509Certificate2 != null && m173063.equals(C49867.m173063(interfaceC49869, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m173063.equals(C49867.m173063(interfaceC49869, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C22781 c22781, X509Certificate x509Certificate, InterfaceC27951 interfaceC27951) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m85930 = c22781.m85930();
        if (m85930 != null) {
            return Arrays.equals(m85930, calcKeyHash(interfaceC27951.mo99751("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC49869 interfaceC49869 = C36924.f123478;
        return C49867.m173063(interfaceC49869, c22781.m85931()).equals(C49867.m173063(interfaceC49869, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C22772 c22772, C47220 c47220, byte[] bArr, X509Certificate x509Certificate, InterfaceC27951 interfaceC27951) throws CertPathValidatorException {
        try {
            AbstractC63319 m85894 = c22772.m85894();
            Signature createSignature = interfaceC27951.createSignature(getSignatureName(c22772.m85896()));
            X509Certificate signerCert = getSignerCert(c22772, c47220.m164996(), x509Certificate, interfaceC27951);
            if (signerCert == null && m85894 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC27951.mo99755("X.509").generateCertificate(new ByteArrayInputStream(m85894.mo226074(0).mo47683().getEncoded()));
                x509Certificate2.verify(c47220.m164996().getPublicKey());
                x509Certificate2.checkValidity(c47220.m164997());
                if (!responderMatches(c22772.m85897().m85939(), x509Certificate2, interfaceC27951)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c47220.m164993(), c47220.m164994());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C33795.f115491.m119261())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c47220.m164993(), c47220.m164994());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c22772.m85897().m226001("DER"));
            if (!createSignature.verify(c22772.m85895().m225892())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c22772.m85897().m85940().m119192(InterfaceC22776.f82774).m119183().m226021())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c47220.m164993(), c47220.m164994());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C14519.m59992(e, new StringBuilder("OCSP response failure: ")), e, c47220.m164993(), c47220.m164994());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6350.m34196(e3, new StringBuilder("OCSP response failure: ")), e3, c47220.m164993(), c47220.m164994());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a9, code lost:
    
        if (r0.m85900().equals(r1.m85957().m85900()) != false) goto L71;
     */
    @Override // p1632.InterfaceC47219
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 663
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C14448.m59781("ocsp.enable");
        this.ocspURL = C14448.m59779("ocsp.responderURL");
    }

    @Override // p1632.InterfaceC47219
    public void initialize(C47220 c47220) {
        this.parameters = c47220;
        this.isEnabledOCSP = C14448.m59781("ocsp.enable");
        this.ocspURL = C14448.m59779("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p1632.InterfaceC47219
    public void setParameter(String str, Object obj) {
    }
}
