package net.netca.pki.encoding.asn1.pki.scvp;

import java.util.ArrayList;
import java.util.Arrays;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.IHttp;
import net.netca.pki.encoding.asn1.pki.JCEHasher;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.SimpleHttp;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.ContentInfo;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class HttpSCVPGetCertPath {
    private X509Certificate cert;
    private String hashAlgorithm;
    private byte[] nonce;
    private ValidationPolicy respValidationPolicy;
    private ArrayList<RevocationInfo> revInfoList;
    private ValidationPolicy validationPolicy;
    private SecureRandomGenerator randGenerator = JCESecureRandomGenerator.getInstance();
    private IHttp http = new SimpleHttp();
    private boolean getRevInfo = false;
    private Hashable hasher = new JCEHasher();
    private boolean fullRequestInResponse = false;
    private boolean responseValidationPolByRef = false;
    private boolean protectResponse = false;
    private boolean cachedResponse = true;

    private void addRevocationInfo(ArrayList<RevocationInfo> arrayList, RevocationInfos revocationInfos) {
        int size = revocationInfos.size();
        for (int i = 0; i < size; i++) {
            arrayList.add(revocationInfos.get(i));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate[] certBundle2CertPath(CertBundle certBundle) {
        int size = certBundle.size();
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        for (int i = 0; i < size; i++) {
            x509CertificateArr[i] = certBundle.get(i);
        }
        return x509CertificateArr;
    }

    private void checkNonce(CVRequest cVRequest, CVResponse cVResponse) {
        byte[] requestNonce = cVRequest.getRequestNonce();
        byte[] respNonce = cVResponse.getRespNonce();
        if (requestNonce == null) {
            if (respNonce != null) {
                throw new u("request has not nonce,but response has");
            }
        } else if (respNonce != null && !Arrays.equals(requestNonce, respNonce)) {
            throw new u("nonce mismatch");
        }
    }

    private void checkRequestRef(CVRequest cVRequest, CVResponse cVResponse) {
        RequestReference requestRef = cVResponse.getRequestRef();
        if (requestRef != null && !requestRef.match(cVRequest, this.hasher)) {
            throw new u("RequestRef mismatch");
        }
    }

    private void checkRequestorText(CVRequest cVRequest, CVResponse cVResponse) {
        String requestorText = cVRequest.getRequestorText();
        String requestorText2 = cVResponse.getRequestorText();
        if (requestorText == null) {
            if (requestorText2 != null) {
                throw new u("request has not requestorText,but response has");
            }
        } else if (requestorText2 != null && !requestorText.equals(requestorText2)) {
            throw new u("requestorText mismatch");
        }
    }

    private byte[] getHttpResp(String str, byte[] bArr) {
        byte[] postData = this.http.postData(str, "application/scvp-cv-request", bArr, 0, bArr.length);
        if ("application/scvp-cv-response".equals(this.http.getRespContentType())) {
            return postData;
        }
        throw new u("bad resp content type:" + this.http.getRespContentType());
    }

    static String getReplyStatusString(int i) {
        switch (i) {
            case 0:
                return "success";
            case 1:
                return "malformedPKC";
            case 2:
                return "malformedAC";
            case 3:
                return "unavailableValidationTime";
            case 4:
                return "referenceCertHashFail";
            case 5:
                return "certPathConstructFail";
            case 6:
                return "certPathNotValid";
            case 7:
                return "certPathNotValidNow";
            case 8:
                return "wantBackUnsatisfied";
            default:
                StringBuilder sb = new StringBuilder();
                sb.append(i);
                return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getResponseStatusString(int i) {
        if (i == 40) {
            return "relayingLoop";
        }
        switch (i) {
            case 0:
                return "okay";
            case 1:
                return "skipUnrecognizedItems";
            default:
                switch (i) {
                    case 10:
                        return "tooBusy";
                    case 11:
                        return "invalidRequest";
                    case 12:
                        return "internalError";
                    default:
                        switch (i) {
                            case 20:
                                return "badStructure";
                            case 21:
                                return "unsupportedVersion";
                            case 22:
                                return "abortUnrecognizedItems";
                            case 23:
                                return "unrecognizedSigKey";
                            case 24:
                                return "badSignatureOrMAC";
                            case 25:
                                return "unableToDecode";
                            case 26:
                                return "notAuthorized";
                            case 27:
                                return "unsupportedChecks";
                            case 28:
                                return "unsupportedWantBacks";
                            case 29:
                                return "unsupportedSignatureOrMAC";
                            case 30:
                                return "invalidSignatureOrMAC";
                            case 31:
                                return "protectedResponseUnsupported";
                            case 32:
                                return "unrecognizedResponderName";
                            default:
                                switch (i) {
                                    case 50:
                                        return "unrecognizedValPol";
                                    case 51:
                                        return "unrecognizedValAlg";
                                    case 52:
                                        return "fullRequestInResponseUnsupported";
                                    case 53:
                                        return "fullPolResponseUnsupported";
                                    case 54:
                                        return "inhibitPolicyMappingUnsupported";
                                    case 55:
                                        return "requireExplicitPolicyUnsupported";
                                    case 56:
                                        return "inhibitAnyPolicyUnsupported";
                                    case 57:
                                        return "validationTimeUnsupported";
                                    default:
                                        switch (i) {
                                            case 63:
                                                return "unrecognizedCritQueryExt";
                                            case 64:
                                                return "unrecognizedCritRequestExt";
                                            default:
                                                StringBuilder sb = new StringBuilder();
                                                sb.append(i);
                                                return sb.toString();
                                        }
                                }
                        }
                }
        }
    }

    private CVRequest getSCVPReq() {
        QueryBuilder queryBuilder = QueryBuilder.getInstance();
        queryBuilder.setPkcDPD(this.getRevInfo ? 1 : 0);
        if (this.validationPolicy != null) {
            queryBuilder.setValidationPolicy(this.validationPolicy);
        }
        queryBuilder.addQueriedCert(this.cert);
        if (this.fullRequestInResponse || !this.responseValidationPolByRef || !this.protectResponse || !this.cachedResponse) {
            queryBuilder.setResponseFlags(this.fullRequestInResponse, this.responseValidationPolByRef, this.protectResponse, this.cachedResponse);
        }
        CVRequestBuilder query = CVRequestBuilder.getInstance().setQuery(queryBuilder.build());
        if (this.nonce != null) {
            query.setRequestNonce(this.nonce);
        }
        if (this.hashAlgorithm != null) {
            query.setHashAlg(this.hashAlgorithm);
        }
        return query.build();
    }

    private byte[] getSCVPReqEncode(CVRequest cVRequest) {
        return new ContentInfo(CVRequest.OID, cVRequest.getASN1Object()).getASN1Object().encode();
    }

    private CVResponse getSCVPResp(String str, byte[] bArr) {
        ContentInfo decode = ContentInfo.decode(getHttpResp(str, bArr));
        if (!decode.getContentType().equals(CVResponse.OID)) {
            throw new u("not CVResponse");
        }
        ASN1Object content = decode.getContent();
        if (content != null) {
            return new CVResponse((Sequence) content.to(CVResponse.getASN1Type()));
        }
        throw new u("no CVResponse");
    }

    public ArrayList<X509Certificate[]> getCertPath(String str) {
        CVRequest sCVPReq = getSCVPReq();
        CVResponse sCVPResp = getSCVPResp(str, getSCVPReqEncode(sCVPReq));
        ResponseStatus responseStatus = sCVPResp.getResponseStatus();
        int statusCode = responseStatus.getStatusCode();
        if (statusCode != 0 && statusCode != 1) {
            String str2 = "response fail,return statusCode:" + getResponseStatusString(statusCode);
            String errorMessage = responseStatus.getErrorMessage();
            if (errorMessage != null) {
                str2 = String.valueOf(str2) + " errorMessage:" + errorMessage;
            }
            throw new u(str2);
        }
        checkNonce(sCVPReq, sCVPResp);
        checkRequestorText(sCVPReq, sCVPResp);
        checkRequestRef(sCVPReq, sCVPResp);
        ReplyObjects replyObjects = sCVPResp.getReplyObjects();
        if (replyObjects == null) {
            throw new u("no replyObjects");
        }
        int size = replyObjects.size();
        if (size != 1) {
            throw new u("bad replyObject count:" + size);
        }
        CertReply certReply = replyObjects.get(0);
        if (!certReply.getCert().match(this.cert, this.hasher)) {
            throw new u("no match cert");
        }
        int replyStatus = certReply.getReplyStatus();
        if (replyStatus != 0) {
            throw new u("bad certReply replyStatus:" + getReplyStatusString(replyStatus));
        }
        ReplyWantBacks replyWantBacks = certReply.getReplyWantBacks();
        int size2 = replyWantBacks.size();
        if (size2 == 0) {
            throw new u("no replyWantBacks");
        }
        ArrayList<X509Certificate[]> arrayList = new ArrayList<>();
        ArrayList<RevocationInfo> arrayList2 = new ArrayList<>();
        boolean z = false;
        for (int i = 0; i < size2; i++) {
            ReplyWantBack replyWantBack = replyWantBacks.get(i);
            String wb = replyWantBack.getWb();
            byte[] value = replyWantBack.getValue();
            if (wb.equals(WantBack.PKC_BEST_CERT_PATH)) {
                CertBundle decode = CertBundle.decode(value);
                if (decode.size() == 0) {
                    throw new u("id-swb-pkc-best-cert-path:cert path is empty");
                }
                arrayList.add(certBundle2CertPath(decode));
                z = true;
            } else if (this.getRevInfo && wb.equals(WantBack.PKC_REVOCATION_INFO)) {
                RevocationInfos revocationInfo = RevInfoWantBack.decode(value).getRevocationInfo();
                if (revocationInfo.size() == 0) {
                    throw new u("id-swb-pkc-revocation-info:revocationInfos is empty");
                }
                addRevocationInfo(arrayList2, revocationInfo);
            }
        }
        if (!z) {
            throw new u("no replyWantBacks match");
        }
        this.revInfoList = arrayList2;
        this.respValidationPolicy = sCVPResp.getRespValidationPolicy();
        return arrayList;
    }

    public ArrayList<RevocationInfo> getRevInfo() {
        return this.revInfoList;
    }

    public ValidationPolicy getValidationPolicy() {
        return this.respValidationPolicy;
    }

    public HttpSCVPGetCertPath setCachedResponse(boolean z) {
        this.cachedResponse = z;
        return this;
    }

    public HttpSCVPGetCertPath setCert(X509Certificate x509Certificate) {
        this.cert = x509Certificate;
        return this;
    }

    public HttpSCVPGetCertPath setFullRequestInResponse(boolean z) {
        this.fullRequestInResponse = z;
        return this;
    }

    public HttpSCVPGetCertPath setGetRevInfo(boolean z) {
        this.getRevInfo = z;
        return this;
    }

    public HttpSCVPGetCertPath setHashAlgorithm(String str) {
        this.hashAlgorithm = str;
        return this;
    }

    public HttpSCVPGetCertPath setHashImplement(Hashable hashable) {
        this.hasher = hashable;
        return this;
    }

    public HttpSCVPGetCertPath setNonceLength(int i) {
        if (i > 0) {
            this.nonce = this.randGenerator.generate(i);
            return this;
        }
        throw new u("bad nonce length:" + i);
    }

    public HttpSCVPGetCertPath setResponseValidationPolByRef(boolean z) {
        this.responseValidationPolByRef = z;
        return this;
    }

    public HttpSCVPGetCertPath setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) {
        this.randGenerator = secureRandomGenerator;
        return this;
    }

    public HttpSCVPGetCertPath setValidationPolicy(ValidationPolicy validationPolicy) {
        this.validationPolicy = validationPolicy;
        return this;
    }
}
