package com.e.c.h.m;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import org.spongycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cert.ocsp.CertificateStatus;
import org.spongycastle.cert.ocsp.OCSPException;
import org.spongycastle.cert.ocsp.SingleResp;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.bc.BcDigestCalculatorProvider;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;

/* compiled from: TbsSdkJava */
/* loaded from: classes.dex */
public class w extends ae {

    /* renamed from: a, reason: collision with root package name */
    protected static final com.e.c.g.e f11167a = com.e.c.g.f.a((Class<?>) w.class);

    /* renamed from: b, reason: collision with root package name */
    protected static final String f11168b = "1.3.6.1.5.5.7.3.9";

    /* renamed from: e, reason: collision with root package name */
    protected List<BasicOCSPResp> f11169e;

    public w(f fVar, List<BasicOCSPResp> list) {
        super(fVar);
        this.f11169e = list;
    }

    @Override // com.e.c.h.m.ae, com.e.c.h.m.f
    public List<an> a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        int i;
        boolean z = false;
        ArrayList arrayList = new ArrayList();
        if (this.f11169e != null) {
            Iterator<BasicOCSPResp> it2 = this.f11169e.iterator();
            i = 0;
            while (it2.hasNext()) {
                i = a(it2.next(), x509Certificate, x509Certificate2, date) ? i + 1 : i;
            }
        } else {
            i = 0;
        }
        if (this.f11136d && i == 0 && a(a(x509Certificate, x509Certificate2), x509Certificate, x509Certificate2, date)) {
            i++;
            z = true;
        }
        f11167a.e("Valid OCSPs found: " + i);
        if (i > 0) {
            arrayList.add(new an(x509Certificate, getClass(), "Valid OCSPs Found: " + i + (z ? " (online)" : "")));
        }
        if (this.f11135c != null) {
            arrayList.addAll(this.f11135c.a(x509Certificate, x509Certificate2, date));
        }
        return arrayList;
    }

    public BasicOCSPResp a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        BasicOCSPResp b2;
        if ((x509Certificate != null || x509Certificate2 != null) && (b2 = new y().b(x509Certificate, x509Certificate2, null)) != null) {
            for (SingleResp singleResp : b2.getResponses()) {
                if (singleResp.getCertStatus() == CertificateStatus.GOOD) {
                    return b2;
                }
            }
            return null;
        }
        return null;
    }

    public void a(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate) throws GeneralSecurityException, IOException {
        CRL crl;
        X509Certificate x509Certificate2;
        X509Certificate x509Certificate3 = a(basicOCSPResp, (Certificate) x509Certificate) ? x509Certificate : null;
        if (x509Certificate3 == null) {
            if (basicOCSPResp.getCerts() != null) {
                X509CertificateHolder[] certs = basicOCSPResp.getCerts();
                int length = certs.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    try {
                        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certs[i]);
                        try {
                            List<String> extendedKeyUsage = certificate.getExtendedKeyUsage();
                            if (extendedKeyUsage != null && extendedKeyUsage.contains(f11168b) && a(basicOCSPResp, (Certificate) certificate)) {
                                x509Certificate3 = certificate;
                                break;
                            }
                        } catch (CertificateParsingException e2) {
                        }
                    } catch (Exception e3) {
                    }
                    i++;
                }
                if (x509Certificate3 == null) {
                    throw new am(x509Certificate, "OCSP response could not be verified");
                }
            } else {
                if (this.n != null) {
                    try {
                        Enumeration<String> aliases = this.n.aliases();
                        while (true) {
                            if (!aliases.hasMoreElements()) {
                                x509Certificate2 = x509Certificate3;
                                break;
                            }
                            String nextElement = aliases.nextElement();
                            try {
                                if (this.n.isCertificateEntry(nextElement)) {
                                    x509Certificate2 = (X509Certificate) this.n.getCertificate(nextElement);
                                    if (a(basicOCSPResp, (Certificate) x509Certificate2)) {
                                        break;
                                    }
                                } else {
                                    continue;
                                }
                            } catch (GeneralSecurityException e4) {
                            }
                        }
                        x509Certificate3 = x509Certificate2;
                    } catch (KeyStoreException e5) {
                        x509Certificate3 = null;
                    }
                }
                if (x509Certificate3 == null) {
                    throw new am(x509Certificate, "OCSP response could not be verified");
                }
            }
        }
        x509Certificate3.verify(x509Certificate.getPublicKey());
        if (x509Certificate3.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck.getId()) == null) {
            try {
                crl = d.a(x509Certificate3);
            } catch (Exception e6) {
                crl = null;
            }
            if (crl != null && (crl instanceof X509CRL)) {
                b bVar = new b(null, null);
                bVar.a(this.n);
                bVar.a(this.f11136d);
                bVar.a((X509CRL) crl, x509Certificate3, x509Certificate, new Date());
                return;
            }
        }
        x509Certificate3.checkValidity();
    }

    public boolean a(BasicOCSPResp basicOCSPResp, Certificate certificate) {
        try {
            return basicOCSPResp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate.getPublicKey()));
        } catch (OperatorCreationException e2) {
            return false;
        } catch (OCSPException e3) {
            return false;
        }
    }

    public boolean a(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) throws GeneralSecurityException, IOException {
        if (basicOCSPResp == null) {
            return false;
        }
        SingleResp[] responses = basicOCSPResp.getResponses();
        for (int i = 0; i < responses.length; i++) {
            if (x509Certificate.getSerialNumber().equals(responses[i].getCertID().getSerialNumber())) {
                if (x509Certificate2 == null) {
                    x509Certificate2 = x509Certificate;
                }
                try {
                    if (responses[i].getCertID().matchesIssuer(new X509CertificateHolder(x509Certificate2.getEncoded()), new BcDigestCalculatorProvider())) {
                        Date nextUpdate = responses[i].getNextUpdate();
                        if (nextUpdate == null) {
                            nextUpdate = new Date(responses[i].getThisUpdate().getTime() + 180000);
                            f11167a.e(String.format("No 'next update' for OCSP Response; assuming %s", nextUpdate));
                        }
                        if (date.after(nextUpdate)) {
                            f11167a.e(String.format("OCSP no longer valid: %s after %s", date, nextUpdate));
                        } else if (responses[i].getCertStatus() == CertificateStatus.GOOD) {
                            a(basicOCSPResp, x509Certificate2);
                            return true;
                        }
                    } else {
                        f11167a.e("OCSP: Issuers doesn't match.");
                    }
                } catch (OCSPException e2) {
                }
            }
        }
        return false;
    }

    @Deprecated
    public boolean b(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate) {
        try {
            a(basicOCSPResp, x509Certificate);
            return true;
        } catch (Exception e2) {
            return false;
        }
    }
}
