package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6329;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p091.C9420;
import p1053.C33155;
import p116.InterfaceC9794;
import p1205.C35644;
import p1409.C40339;
import p145.C12191;
import p145.C12192;
import p145.C12200;
import p145.InterfaceC12195;
import p149.AbstractC12262;
import p149.AbstractC12272;
import p149.C12250;
import p149.C12259;
import p149.C12332;
import p149.InterfaceC12231;
import p149.InterfaceC12283;
import p1682.InterfaceC46871;
import p1725.C48537;
import p1725.InterfaceC48539;
import p174.InterfaceC13085;
import p1747.C49009;
import p1887.InterfaceC51134;
import p1890.InterfaceC51219;
import p1902.C51358;
import p2106.C59907;
import p2106.InterfaceC59899;
import p472.C19400;
import p472.C19401;
import p472.C19409;
import p472.C19416;
import p472.C19428;
import p472.C19432;
import p472.C19440;
import p472.C19461;
import p531.C20275;
import p537.InterfaceC20402;
import p549.InterfaceC20736;
import p674.InterfaceC23419;
import p749.C24798;
import p749.InterfaceC24796;
import p752.InterfaceC24884;
import p920.C30421;
import p920.InterfaceC30420;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements InterfaceC30420 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC24796 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C30421 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C12259(InterfaceC13085.f50808), "SHA1WITHRSA");
        hashMap.put(InterfaceC59899.f186924, "SHA224WITHRSA");
        hashMap.put(InterfaceC59899.f186973, "SHA256WITHRSA");
        hashMap.put(InterfaceC59899.f186949, "SHA384WITHRSA");
        hashMap.put(InterfaceC59899.f186984, "SHA512WITHRSA");
        hashMap.put(InterfaceC23419.f82942, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC23419.f82943, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC24884.f88179, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC24884.f88180, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC20402.f76278, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20402.f76279, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20402.f76280, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20402.f76281, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20402.f76282, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC20402.f76283, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC51219.f163664, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC51219.f163665, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC51219.f163666, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC51219.f163667, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC51219.f163668, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC9794.f44813, "XMSS");
        hashMap.put(InterfaceC9794.f44814, "XMSSMT");
        hashMap.put(new C12259("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C12259("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C12259("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC46871.f150559, "SHA1WITHECDSA");
        hashMap.put(InterfaceC46871.f150577, "SHA224WITHECDSA");
        hashMap.put(InterfaceC46871.f150562, "SHA256WITHECDSA");
        hashMap.put(InterfaceC46871.f150574, "SHA384WITHECDSA");
        hashMap.put(InterfaceC46871.f150535, "SHA512WITHECDSA");
        hashMap.put(InterfaceC20736.f76960, "SHA1WITHRSA");
        hashMap.put(InterfaceC20736.f76959, "SHA1WITHDSA");
        hashMap.put(InterfaceC51134.f163339, "SHA224WITHDSA");
        hashMap.put(InterfaceC51134.f163340, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC24796 interfaceC24796) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC24796;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C19461.m92210(publicKey.getEncoded()).m92215().m69751());
    }

    private C12192 createCertID(C12192 c12192, C19416 c19416, C12250 c12250) throws CertPathValidatorException {
        return createCertID(c12192.m69591(), c19416, c12250);
    }

    private C12192 createCertID(C19401 c19401, C19416 c19416, C12250 c12250) throws CertPathValidatorException {
        try {
            MessageDigest mo115003 = this.helper.mo115003(C24798.m115018(c19401.m91878()));
            return new C12192(c19401, new AbstractC12262(mo115003.digest(c19416.m91948().m69860("DER"))), new AbstractC12262(mo115003.digest(c19416.m91949().m92215().m69751())), c12250);
        } catch (Exception e) {
            throw new CertPathValidatorException(C49009.m182758("problem creating ID: ", e), e);
        }
    }

    private C19416 extractCert() throws CertPathValidatorException {
        try {
            return C19416.m91940(this.parameters.m129806().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C9420.m40831(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m129803(), this.parameters.m129804());
        }
    }

    private static String getDigestName(C12259 c12259) {
        String m115018 = C24798.m115018(c12259);
        int indexOf = m115018.indexOf(45);
        if (indexOf <= 0 || m115018.startsWith("SHA3")) {
            return m115018;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m115018.substring(0, indexOf));
        return C20275.m95384(m115018, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C19428.f73139.m69873());
        if (extensionValue == null) {
            return null;
        }
        C19400[] m91916 = C19409.m91915(AbstractC12262.m69877(extensionValue).m69880()).m91916();
        for (int i2 = 0; i2 != m91916.length; i2++) {
            C19400 c19400 = m91916[i2];
            if (C19400.f73013.m69912(c19400.m91875())) {
                C19432 m91874 = c19400.m91874();
                if (m91874.m92050() == 6) {
                    try {
                        return new URI(((InterfaceC12283) m91874.m92052()).mo69738());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C19401 c19401) {
        InterfaceC12231 m91879 = c19401.m91879();
        if (m91879 != null && !C12332.f47094.m69911(m91879) && c19401.m91878().m69912(InterfaceC59899.f186897)) {
            return C35644.m143614(new StringBuilder(), getDigestName(C59907.m216126(m91879).m216127().m91878()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c19401.m91878());
        C12259 m91878 = c19401.m91878();
        return containsKey ? (String) map.get(m91878) : m91878.m69873();
    }

    private static X509Certificate getSignerCert(C12191 c12191, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC24796 interfaceC24796) throws NoSuchProviderException, NoSuchAlgorithmException {
        C12200 m69630 = c12191.m69588().m69630();
        byte[] m69621 = m69630.m69621();
        if (m69621 != null) {
            MessageDigest mo115003 = interfaceC24796.mo115003("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m69621, calcKeyHash(mo115003, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m69621, calcKeyHash(mo115003, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC48539 interfaceC48539 = C40339.f132377;
        C48537 m181187 = C48537.m181187(interfaceC48539, m69630.m69622());
        if (x509Certificate2 != null && m181187.equals(C48537.m181187(interfaceC48539, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m181187.equals(C48537.m181187(interfaceC48539, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C12200 c12200, X509Certificate x509Certificate, InterfaceC24796 interfaceC24796) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m69621 = c12200.m69621();
        if (m69621 != null) {
            return Arrays.equals(m69621, calcKeyHash(interfaceC24796.mo115003("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC48539 interfaceC48539 = C40339.f132377;
        return C48537.m181187(interfaceC48539, c12200.m69622()).equals(C48537.m181187(interfaceC48539, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C12191 c12191, C30421 c30421, byte[] bArr, X509Certificate x509Certificate, InterfaceC24796 interfaceC24796) throws CertPathValidatorException {
        try {
            AbstractC12272 m69585 = c12191.m69585();
            Signature createSignature = interfaceC24796.createSignature(getSignatureName(c12191.m69587()));
            X509Certificate signerCert = getSignerCert(c12191, c30421.m129806(), x509Certificate, interfaceC24796);
            if (signerCert == null && m69585 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC24796.mo115007("X.509").generateCertificate(new ByteArrayInputStream(m69585.mo69933(0).mo35850().getEncoded()));
                x509Certificate2.verify(c30421.m129806().getPublicKey());
                x509Certificate2.checkValidity(c30421.m129807());
                if (!responderMatches(c12191.m69588().m69630(), x509Certificate2, interfaceC24796)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c30421.m129803(), c30421.m129804());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C19440.f73217.m92096())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c30421.m129803(), c30421.m129804());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c12191.m69588().m69860("DER"));
            if (!createSignature.verify(c12191.m69586().m69751())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c12191.m69588().m69631().m92027(InterfaceC12195.f46764).m92018().m69880())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c30421.m129803(), c30421.m129804());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C51358.m190343(e, new StringBuilder("OCSP response failure: ")), e, c30421.m129803(), c30421.m129804());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6329.m29607(e3, new StringBuilder("OCSP response failure: ")), e3, c30421.m129803(), c30421.m129804());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m69591().equals(r1.m69648().m69591()) != false) goto L71;
     */
    @Override // p920.InterfaceC30420
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C33155.m136501("ocsp.enable");
        this.ocspURL = C33155.m136499("ocsp.responderURL");
    }

    @Override // p920.InterfaceC30420
    public void initialize(C30421 c30421) {
        this.parameters = c30421;
        this.isEnabledOCSP = C33155.m136501("ocsp.enable");
        this.ocspURL = C33155.m136499("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p920.InterfaceC30420
    public void setParameter(String str, Object obj) {
    }
}
