package org.gmbc.jce.provider;

import cn.cloudcore.gmtls.a6;
import cn.cloudcore.gmtls.ad;
import cn.cloudcore.gmtls.c6;
import cn.cloudcore.gmtls.d9;
import cn.cloudcore.gmtls.db;
import cn.cloudcore.gmtls.e4;
import cn.cloudcore.gmtls.fa;
import cn.cloudcore.gmtls.gc;
import cn.cloudcore.gmtls.h8;
import cn.cloudcore.gmtls.ia;
import cn.cloudcore.gmtls.j30;
import cn.cloudcore.gmtls.k9;
import cn.cloudcore.gmtls.kb;
import cn.cloudcore.gmtls.l4;
import cn.cloudcore.gmtls.o4;
import cn.cloudcore.gmtls.p4;
import cn.cloudcore.gmtls.rq;
import cn.cloudcore.gmtls.s8;
import cn.cloudcore.gmtls.v4;
import cn.cloudcore.gmtls.v8;
import cn.cloudcore.gmtls.vq;
import cn.cloudcore.gmtls.w7;
import cn.cloudcore.gmtls.w8;
import cn.cloudcore.gmtls.wa;
import cn.cloudcore.gmtls.wb;
import cn.cloudcore.gmtls.xa;
import cn.cloudcore.gmtls.y8;
import cn.cloudcore.gmtls.y9;
import cn.cloudcore.gmtls.ya;
import com.dcits.ehome.constant.CBuildConfig;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.gmbc.jcajce.PKIXCertRevocationChecker;
import org.gmbc.jcajce.PKIXCertRevocationCheckerParameters;
import org.gmbc.jcajce.util.JcaJceHelper;
import org.gmbc.jcajce.util.MessageDigestUtils;

/* loaded from: classes2.dex */
public class ProvOcspRevocationChecker implements PKIXCertRevocationChecker {
    public static final Map h2;
    public final ProvRevocationChecker c2;
    public final JcaJceHelper d2;
    public PKIXCertRevocationCheckerParameters e2;
    public boolean f2;
    public String g2;

    static {
        HashMap hashMap = new HashMap();
        h2 = hashMap;
        hashMap.put(new o4("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(y9.w0, "SHA224WITHRSA");
        hashMap.put(y9.t0, "SHA256WITHRSA");
        hashMap.put(y9.u0, "SHA384WITHRSA");
        hashMap.put(y9.v0, "SHA512WITHRSA");
        hashMap.put(w7.n, "GOST3411WITHGOST3410");
        hashMap.put(w7.o, "GOST3411WITHECGOST3410");
        hashMap.put(ia.f1103i, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(ia.f1104j, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(rq.f2023d, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(rq.f2024e, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(rq.f2025f, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(rq.f2026g, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(rq.f2027h, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(rq.f2028i, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(vq.f2521i, "SHA1WITHCVC-ECDSA");
        hashMap.put(vq.f2522j, "SHA224WITHCVC-ECDSA");
        hashMap.put(vq.f2523k, "SHA256WITHCVC-ECDSA");
        hashMap.put(vq.f2524l, "SHA384WITHCVC-ECDSA");
        hashMap.put(vq.f2525m, "SHA512WITHCVC-ECDSA");
        hashMap.put(h8.f1009a, "XMSS");
        hashMap.put(h8.f1010b, "XMSSMT");
        hashMap.put(new o4("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new o4("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new o4("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(ad.f109h, "SHA1WITHECDSA");
        hashMap.put(ad.f113l, "SHA224WITHECDSA");
        hashMap.put(ad.f114m, "SHA256WITHECDSA");
        hashMap.put(ad.n, "SHA384WITHECDSA");
        hashMap.put(ad.o, "SHA512WITHECDSA");
        hashMap.put(k9.f1340h, "SHA1WITHRSA");
        hashMap.put(k9.f1339g, "SHA1WITHDSA");
        hashMap.put(s8.S, "SHA224WITHDSA");
        hashMap.put(s8.T, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, JcaJceHelper jcaJceHelper) {
        this.c2 = provRevocationChecker;
        this.d2 = jcaJceHelper;
    }

    public static String d(db dbVar) {
        e4 e4Var = dbVar.d2;
        if (e4Var == null || a6.c2.i(e4Var) || !dbVar.c2.k(y9.s0)) {
            Map map = h2;
            return map.containsKey(dbVar.c2) ? (String) map.get(dbVar.c2) : dbVar.c2.c2;
        }
        String a2 = MessageDigestUtils.a(fa.g(e4Var).c2.c2);
        int indexOf = a2.indexOf(45);
        if (indexOf > 0 && !a2.startsWith("SHA3")) {
            a2 = String.valueOf(a2.substring(0, indexOf)) + a2.substring(indexOf + 1);
        }
        return String.valueOf(a2) + "WITHRSAANDMGF1";
    }

    public static X509Certificate e(v8 v8Var, X509Certificate x509Certificate, X509Certificate x509Certificate2, JcaJceHelper jcaJceHelper) throws NoSuchProviderException, NoSuchAlgorithmException {
        e4 e4Var = v8Var.c2.e2.c2;
        boolean z = e4Var instanceof p4;
        byte[] bArr = z ? ((p4) e4Var).c2 : null;
        if (bArr != null) {
            MessageDigest h3 = jcaJceHelper.h(CBuildConfig.digestGesturePsw);
            if (x509Certificate2 != null && Arrays.equals(bArr, h(h3, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, h(h3, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            xa xaVar = ya.Q;
            wa g2 = wa.g(xaVar, z ? null : wa.h(e4Var));
            if (x509Certificate2 != null && g2.equals(wa.g(xaVar, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && g2.equals(wa.g(xaVar, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static boolean f(d9 d9Var, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) throws NoSuchProviderException, NoSuchAlgorithmException {
        e4 e4Var = d9Var.c2;
        boolean z = e4Var instanceof p4;
        byte[] bArr = z ? ((p4) e4Var).c2 : null;
        if (bArr != null) {
            return Arrays.equals(bArr, h(jcaJceHelper.h(CBuildConfig.digestGesturePsw), x509Certificate.getPublicKey()));
        }
        xa xaVar = ya.Q;
        return wa.g(xaVar, z ? null : wa.h(e4Var)).equals(wa.g(xaVar, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean g(v8 v8Var, PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, byte[] bArr, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) throws CertPathValidatorException {
        try {
            v4 v4Var = v8Var.f2;
            Signature a2 = jcaJceHelper.a(d(v8Var.d2));
            X509Certificate e2 = e(v8Var, pKIXCertRevocationCheckerParameters.f9635e, x509Certificate, jcaJceHelper);
            if (e2 == null && v4Var == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (e2 != null) {
                a2.initVerify(e2.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) jcaJceHelper.e("X.509").generateCertificate(new ByteArrayInputStream(v4Var.p(0).d().getEncoded()));
                x509Certificate2.verify(pKIXCertRevocationCheckerParameters.f9635e.getPublicKey());
                x509Certificate2.checkValidity(pKIXCertRevocationCheckerParameters.a());
                if (!f(v8Var.c2.e2, x509Certificate2, jcaJceHelper)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, pKIXCertRevocationCheckerParameters.f9633c, pKIXCertRevocationCheckerParameters.f9634d);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(wb.e2.c2.c2)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, pKIXCertRevocationCheckerParameters.f9633c, pKIXCertRevocationCheckerParameters.f9634d);
                }
                a2.initVerify(x509Certificate2);
            }
            a2.update(v8Var.c2.e("DER"));
            if (!a2.verify(v8Var.e2.p())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, v8Var.c2.h2.g(y8.f2703c).e2.c2)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, pKIXCertRevocationCheckerParameters.f9633c, pKIXCertRevocationCheckerParameters.f9634d);
            }
            return true;
        } catch (IOException e3) {
            throw new CertPathValidatorException("OCSP response failure: " + e3.getMessage(), e3, pKIXCertRevocationCheckerParameters.f9633c, pKIXCertRevocationCheckerParameters.f9634d);
        } catch (CertPathValidatorException e4) {
            throw e4;
        } catch (GeneralSecurityException e5) {
            throw new CertPathValidatorException("OCSP response failure: " + e5.getMessage(), e5, pKIXCertRevocationCheckerParameters.f9633c, pKIXCertRevocationCheckerParameters.f9634d);
        }
    }

    public static byte[] h(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(gc.g(publicKey.getEncoded()).d2.p());
    }

    public final kb a() throws CertPathValidatorException {
        try {
            return kb.g(this.e2.f9635e.getEncoded());
        } catch (Exception e2) {
            String str = "cannot process signing cert: " + e2.getMessage();
            PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters = this.e2;
            throw new CertPathValidatorException(str, e2, pKIXCertRevocationCheckerParameters.f9633c, pKIXCertRevocationCheckerParameters.f9634d);
        }
    }

    @Override // org.gmbc.jcajce.PKIXCertRevocationChecker
    public void b(PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters) {
        this.e2 = pKIXCertRevocationCheckerParameters;
        this.f2 = j30.c("ocsp.enable");
        this.g2 = j30.a("ocsp.responderURL");
    }

    public final w8 c(db dbVar, kb kbVar, l4 l4Var) throws CertPathValidatorException {
        try {
            MessageDigest h3 = this.d2.h(MessageDigestUtils.a(dbVar.c2));
            return new w8(dbVar, new c6(h3.digest(kbVar.d2.j2.e("DER"))), new c6(h3.digest(kbVar.d2.k2.d2.p())), l4Var);
        } catch (Exception e2) {
            throw new CertPathValidatorException("problem creating ID: " + e2, e2);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x0122, code lost:
    
        if (r14 != null) goto L193;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x03d5, code lost:
    
        if (r14.c2.equals(r2.c2.c2) != false) goto L153;
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:123:0x047e  */
    /* JADX WARN: Removed duplicated region for block: B:191:0x048d  */
    /* JADX WARN: Removed duplicated region for block: B:64:0x0341  */
    @Override // org.gmbc.jcajce.PKIXCertRevocationChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r25) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 1196
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.gmbc.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }
}
