package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6166;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p1004.InterfaceC32340;
import p114.C9482;
import p114.C9483;
import p114.C9491;
import p114.InterfaceC9486;
import p1204.C37771;
import p143.C10003;
import p143.C10004;
import p143.C10012;
import p143.C10019;
import p143.C10031;
import p143.C10035;
import p143.C10043;
import p143.C10064;
import p1450.InterfaceC42398;
import p1460.InterfaceC42740;
import p1568.InterfaceC46977;
import p1579.C47066;
import p1579.InterfaceC47065;
import p1598.C47338;
import p1625.InterfaceC50455;
import p1670.C51054;
import p1751.C52549;
import p1907.InterfaceC56476;
import p2156.AbstractC62397;
import p2156.AbstractC62407;
import p2156.C62385;
import p2156.C62394;
import p2156.C62467;
import p2156.InterfaceC62366;
import p2156.InterfaceC62418;
import p308.InterfaceC13687;
import p485.C19095;
import p485.InterfaceC19097;
import p537.C20338;
import p537.InterfaceC20336;
import p574.C21718;
import p574.InterfaceC21710;
import p579.C21833;
import p607.C22466;
import p678.InterfaceC24067;
import p753.InterfaceC25288;
import p925.C29778;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes12.dex */
public class ProvOcspRevocationChecker implements InterfaceC47065 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC20336 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C47066 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C62394(InterfaceC13687.f57889), "SHA1WITHRSA");
        hashMap.put(InterfaceC21710.f78171, "SHA224WITHRSA");
        hashMap.put(InterfaceC21710.f78114, "SHA256WITHRSA");
        hashMap.put(InterfaceC21710.f78106, "SHA384WITHRSA");
        hashMap.put(InterfaceC21710.f78229, "SHA512WITHRSA");
        hashMap.put(InterfaceC42740.f133732, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC42740.f133733, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC42398.f132461, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC42398.f132462, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC46977.f147065, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46977.f147066, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46977.f147067, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46977.f147068, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46977.f147069, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC46977.f147070, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC32340.f103035, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC32340.f103036, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC32340.f103037, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC32340.f103038, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC32340.f103039, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC50455.f155461, "XMSS");
        hashMap.put(InterfaceC50455.f155462, "XMSSMT");
        hashMap.put(new C62394("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C62394("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C62394("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC25288.f87559, "SHA1WITHECDSA");
        hashMap.put(InterfaceC25288.f87541, "SHA224WITHECDSA");
        hashMap.put(InterfaceC25288.f87588, "SHA256WITHECDSA");
        hashMap.put(InterfaceC25288.f87543, "SHA384WITHECDSA");
        hashMap.put(InterfaceC25288.f87551, "SHA512WITHECDSA");
        hashMap.put(InterfaceC56476.f175851, "SHA1WITHRSA");
        hashMap.put(InterfaceC56476.f175850, "SHA1WITHDSA");
        hashMap.put(InterfaceC24067.f83805, "SHA224WITHDSA");
        hashMap.put(InterfaceC24067.f83806, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC20336 interfaceC20336) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC20336;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C10064.m45961(publicKey.getEncoded()).m45966().m224036());
    }

    private C9483 createCertID(C9483 c9483, C10019 c10019, C62385 c62385) throws CertPathValidatorException {
        return createCertID(c9483.m41676(), c10019, c62385);
    }

    private C9483 createCertID(C10004 c10004, C10019 c10019, C62385 c62385) throws CertPathValidatorException {
        try {
            MessageDigest mo97073 = this.helper.mo97073(C20338.m97088(c10004.m45629()));
            return new C9483(c10004, new AbstractC62397(mo97073.digest(c10019.m45699().m224145("DER"))), new AbstractC62397(mo97073.digest(c10019.m45700().m45966().m224036())), c62385);
        } catch (Exception e) {
            throw new CertPathValidatorException(C51054.m190308("problem creating ID: ", e), e);
        }
    }

    private C10019 extractCert() throws CertPathValidatorException {
        try {
            return C10019.m45691(this.parameters.m175791().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C21833.m100157(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m175788(), this.parameters.m175789());
        }
    }

    private static String getDigestName(C62394 c62394) {
        String m97088 = C20338.m97088(c62394);
        int indexOf = m97088.indexOf(45);
        if (indexOf <= 0 || m97088.startsWith("SHA3")) {
            return m97088;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m97088.substring(0, indexOf));
        return C47338.m176376(m97088, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C10031.f44831.m224158());
        if (extensionValue == null) {
            return null;
        }
        C10003[] m45667 = C10012.m45666(AbstractC62397.m224162(extensionValue).m224165()).m45667();
        for (int i = 0; i != m45667.length; i++) {
            C10003 c10003 = m45667[i];
            if (C10003.f44705.m224197(c10003.m45626())) {
                C10035 m45625 = c10003.m45625();
                if (m45625.m45801() == 6) {
                    try {
                        return new URI(((InterfaceC62418) m45625.m45803()).mo93663());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C10004 c10004) {
        InterfaceC62366 m45630 = c10004.m45630();
        if (m45630 != null && !C62467.f191374.m224196(m45630) && c10004.m45629().m224197(InterfaceC21710.f78135)) {
            return C37771.m147509(new StringBuilder(), getDigestName(C21718.m99802(m45630).m99803().m45629()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c10004.m45629());
        C62394 m45629 = c10004.m45629();
        return containsKey ? (String) map.get(m45629) : m45629.m224158();
    }

    private static X509Certificate getSignerCert(C9482 c9482, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC20336 interfaceC20336) throws NoSuchProviderException, NoSuchAlgorithmException {
        C9491 m41715 = c9482.m41673().m41715();
        byte[] m41706 = m41715.m41706();
        if (m41706 != null) {
            MessageDigest mo97073 = interfaceC20336.mo97073("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m41706, calcKeyHash(mo97073, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m41706, calcKeyHash(mo97073, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC19097 interfaceC19097 = C22466.f79782;
        C19095 m93673 = C19095.m93673(interfaceC19097, m41715.m41707());
        if (x509Certificate2 != null && m93673.equals(C19095.m93673(interfaceC19097, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m93673.equals(C19095.m93673(interfaceC19097, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C9491 c9491, X509Certificate x509Certificate, InterfaceC20336 interfaceC20336) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m41706 = c9491.m41706();
        if (m41706 != null) {
            return Arrays.equals(m41706, calcKeyHash(interfaceC20336.mo97073("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC19097 interfaceC19097 = C22466.f79782;
        return C19095.m93673(interfaceC19097, c9491.m41707()).equals(C19095.m93673(interfaceC19097, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C9482 c9482, C47066 c47066, byte[] bArr, X509Certificate x509Certificate, InterfaceC20336 interfaceC20336) throws CertPathValidatorException {
        try {
            AbstractC62407 m41670 = c9482.m41670();
            Signature createSignature = interfaceC20336.createSignature(getSignatureName(c9482.m41672()));
            X509Certificate signerCert = getSignerCert(c9482, c47066.m175791(), x509Certificate, interfaceC20336);
            if (signerCert == null && m41670 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC20336.mo97077("X.509").generateCertificate(new ByteArrayInputStream(m41670.mo224218(0).mo35866().getEncoded()));
                x509Certificate2.verify(c47066.m175791().getPublicKey());
                x509Certificate2.checkValidity(c47066.m175792());
                if (!responderMatches(c9482.m41673().m41715(), x509Certificate2, interfaceC20336)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c47066.m175788(), c47066.m175789());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C10043.f44887.m45847())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c47066.m175788(), c47066.m175789());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c9482.m41673().m224145("DER"));
            if (!createSignature.verify(c9482.m41671().m224036())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c9482.m41673().m41716().m45778(InterfaceC9486.f43586).m45769().m224165())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c47066.m175788(), c47066.m175789());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C29778.m124751(e, new StringBuilder("OCSP response failure: ")), e, c47066.m175788(), c47066.m175789());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6166.m31316(e3, new StringBuilder("OCSP response failure: ")), e3, c47066.m175788(), c47066.m175789());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m41676().equals(r1.m41733().m41676()) != false) goto L71;
     */
    @Override // p1579.InterfaceC47065
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C52549.m195209("ocsp.enable");
        this.ocspURL = C52549.m195207("ocsp.responderURL");
    }

    @Override // p1579.InterfaceC47065
    public void initialize(C47066 c47066) {
        this.parameters = c47066;
        this.isEnabledOCSP = C52549.m195209("ocsp.enable");
        this.ocspURL = C52549.m195207("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p1579.InterfaceC47065
    public void setParameter(String str, Object obj) {
    }
}
