package org.bouncycastle.jce.provider;

import com.nimbusds.jose.crypto.C6238;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import p1199.C38955;
import p1281.AbstractC40842;
import p1281.AbstractC40852;
import p1281.C40830;
import p1281.C40839;
import p1281.C40912;
import p1281.InterfaceC40811;
import p1281.InterfaceC40863;
import p143.C11507;
import p1518.InterfaceC48785;
import p1534.InterfaceC49373;
import p1588.InterfaceC50996;
import p1775.C54388;
import p2098.C60221;
import p2098.C60222;
import p2098.C60230;
import p2098.InterfaceC60225;
import p2107.InterfaceC60667;
import p310.C15627;
import p310.C15628;
import p310.C15636;
import p310.C15643;
import p310.C15654;
import p310.C15658;
import p310.C15666;
import p310.C15687;
import p351.C16461;
import p545.InterfaceC22133;
import p573.InterfaceC22653;
import p603.C23225;
import p650.C24555;
import p650.InterfaceC24554;
import p673.C25047;
import p673.InterfaceC25039;
import p675.C25080;
import p675.InterfaceC25082;
import p686.InterfaceC25293;
import p691.InterfaceC25365;
import p699.C25526;
import p740.InterfaceC26138;
import p743.C26184;
import p743.InterfaceC26182;
import p898.C32285;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvOcspRevocationChecker implements InterfaceC24554 {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final InterfaceC26182 helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private C24555 parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C40839(InterfaceC48785.f152799), "SHA1WITHRSA");
        hashMap.put(InterfaceC25039.f81899, "SHA224WITHRSA");
        hashMap.put(InterfaceC25039.f81876, "SHA256WITHRSA");
        hashMap.put(InterfaceC25039.f81868, "SHA384WITHRSA");
        hashMap.put(InterfaceC25039.f81803, "SHA512WITHRSA");
        hashMap.put(InterfaceC26138.f84964, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC26138.f84965, "GOST3411WITHECGOST3410");
        hashMap.put(InterfaceC49373.f156349, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(InterfaceC49373.f156350, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC25365.f82702, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25365.f82703, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25365.f82704, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25365.f82705, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25365.f82706, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC25365.f82707, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC60667.f188584, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC60667.f188585, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC60667.f188586, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC60667.f188587, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC60667.f188588, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC25293.f82532, "XMSS");
        hashMap.put(InterfaceC25293.f82533, "XMSSMT");
        hashMap.put(new C40839("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C40839("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C40839("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(InterfaceC22653.f76876, "SHA1WITHECDSA");
        hashMap.put(InterfaceC22653.f76880, "SHA224WITHECDSA");
        hashMap.put(InterfaceC22653.f76881, "SHA256WITHECDSA");
        hashMap.put(InterfaceC22653.f76882, "SHA384WITHECDSA");
        hashMap.put(InterfaceC22653.f76883, "SHA512WITHECDSA");
        hashMap.put(InterfaceC50996.f159852, "SHA1WITHRSA");
        hashMap.put(InterfaceC50996.f159851, "SHA1WITHDSA");
        hashMap.put(InterfaceC22133.f75736, "SHA224WITHDSA");
        hashMap.put(InterfaceC22133.f75737, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, InterfaceC26182 interfaceC26182) {
        this.parent = provRevocationChecker;
        this.helper = interfaceC26182;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(C15687.m82834(publicKey.getEncoded()).m82839().m159661());
    }

    private C60222 createCertID(C15628 c15628, C15643 c15643, C40830 c40830) throws CertPathValidatorException {
        try {
            MessageDigest mo118024 = this.helper.mo118024(C26184.m118039(c15628.m82514()));
            return new C60222(c15628, new AbstractC40842(mo118024.digest(c15643.m82584().m159770("DER"))), new AbstractC40842(mo118024.digest(c15643.m82585().m82839().m159661())), c40830);
        } catch (Exception e) {
            throw new CertPathValidatorException(C11507.m67967("problem creating ID: ", e), e);
        }
    }

    private C60222 createCertID(C60222 c60222, C15643 c15643, C40830 c40830) throws CertPathValidatorException {
        return createCertID(c60222.m216691(), c15643, c40830);
    }

    private C15643 extractCert() throws CertPathValidatorException {
        try {
            return C15643.m82576(this.parameters.m113737().getEncoded());
        } catch (Exception e) {
            throw new CertPathValidatorException(C23225.m109255(e, new StringBuilder("cannot process signing cert: ")), e, this.parameters.m113734(), this.parameters.m113735());
        }
    }

    private static String getDigestName(C40839 c40839) {
        String m118039 = C26184.m118039(c40839);
        int indexOf = m118039.indexOf(45);
        if (indexOf <= 0 || m118039.startsWith("SHA3")) {
            return m118039;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(m118039.substring(0, indexOf));
        return C32285.m133317(m118039, indexOf + 1, sb);
    }

    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C15654.f58573.m159783());
        if (extensionValue == null) {
            return null;
        }
        C15627[] m82552 = C15636.m82551(AbstractC40842.m159787(extensionValue).m159790()).m82552();
        for (int i2 = 0; i2 != m82552.length; i2++) {
            C15627 c15627 = m82552[i2];
            if (C15627.f58456.m159822(c15627.m82511())) {
                C15658 m82510 = c15627.m82510();
                if (m82510.m82674() == 6) {
                    try {
                        return new URI(((InterfaceC40863) m82510.m82676()).mo115155());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C15628 c15628) {
        InterfaceC40811 m82515 = c15628.m82515();
        if (m82515 != null && !C40912.f128215.m159821(m82515) && c15628.m82514().m159822(InterfaceC25039.f81874)) {
            return C38955.m152033(new StringBuilder(), getDigestName(C25047.m114983(m82515).m114984().m82514()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c15628.m82514());
        C40839 m82514 = c15628.m82514();
        return containsKey ? (String) map.get(m82514) : m82514.m159783();
    }

    private static X509Certificate getSignerCert(C60221 c60221, X509Certificate x509Certificate, X509Certificate x509Certificate2, InterfaceC26182 interfaceC26182) throws NoSuchProviderException, NoSuchAlgorithmException {
        C60230 m216730 = c60221.m216688().m216730();
        byte[] m216721 = m216730.m216721();
        if (m216721 != null) {
            MessageDigest mo118024 = interfaceC26182.mo118024("SHA1");
            if (x509Certificate2 != null && Arrays.equals(m216721, calcKeyHash(mo118024, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(m216721, calcKeyHash(mo118024, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        InterfaceC25082 interfaceC25082 = C16461.f60818;
        C25080 m115164 = C25080.m115164(interfaceC25082, m216730.m216722());
        if (x509Certificate2 != null && m115164.equals(C25080.m115164(interfaceC25082, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !m115164.equals(C25080.m115164(interfaceC25082, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C60230 c60230, X509Certificate x509Certificate, InterfaceC26182 interfaceC26182) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] m216721 = c60230.m216721();
        if (m216721 != null) {
            return Arrays.equals(m216721, calcKeyHash(interfaceC26182.mo118024("SHA1"), x509Certificate.getPublicKey()));
        }
        InterfaceC25082 interfaceC25082 = C16461.f60818;
        return C25080.m115164(interfaceC25082, c60230.m216722()).equals(C25080.m115164(interfaceC25082, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean validatedOcspResponse(C60221 c60221, C24555 c24555, byte[] bArr, X509Certificate x509Certificate, InterfaceC26182 interfaceC26182) throws CertPathValidatorException {
        try {
            AbstractC40852 m216685 = c60221.m216685();
            Signature createSignature = interfaceC26182.createSignature(getSignatureName(c60221.m216687()));
            X509Certificate signerCert = getSignerCert(c60221, c24555.m113737(), x509Certificate, interfaceC26182);
            if (signerCert == null && m216685 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) interfaceC26182.mo118028("X.509").generateCertificate(new ByteArrayInputStream(m216685.mo159843(0).mo35135().getEncoded()));
                x509Certificate2.verify(c24555.m113737().getPublicKey());
                x509Certificate2.checkValidity(c24555.m113738());
                if (!responderMatches(c60221.m216688().m216730(), x509Certificate2, interfaceC26182)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, c24555.m113734(), c24555.m113735());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C15666.f58651.m82720())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, c24555.m113734(), c24555.m113735());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c60221.m216688().m159770("DER"));
            if (!createSignature.verify(c60221.m216686().m159661())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c60221.m216688().m216731().m82651(InterfaceC60225.f187611).m82642().m159790())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, c24555.m113734(), c24555.m113735());
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(C25526.m116091(e, new StringBuilder("OCSP response failure: ")), e, c24555.m113734(), c24555.m113735());
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException(C6238.m29283(e3, new StringBuilder("OCSP response failure: ")), e3, c24555.m113734(), c24555.m113735());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x01a5, code lost:
    
        if (r0.m216691().equals(r1.m216748().m216691()) != false) goto L71;
     */
    @Override // p650.InterfaceC24554
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = C54388.m198452("ocsp.enable");
        this.ocspURL = C54388.m198450("ocsp.responderURL");
    }

    @Override // p650.InterfaceC24554
    public void initialize(C24555 c24555) {
        this.parameters = c24555;
        this.isEnabledOCSP = C54388.m198452("ocsp.enable");
        this.ocspURL = C54388.m198450("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // p650.InterfaceC24554
    public void setParameter(String str, Object obj) {
    }
}
