package org.bouncycastle.jce.provider;

import Ab.o;
import Ab.v;
import Bb.a;
import Ib.B;
import Ib.C0592a;
import Ib.C0593b;
import Ib.C0599h;
import Ib.C0604m;
import Ib.C0610t;
import Ib.C0612v;
import Ib.L;
import Jb.n;
import dc.InterfaceC1461a;
import fc.InterfaceC1588a;
import hc.f;
import hc.g;
import ib.InterfaceC1702b;
import ib.InterfaceC1707g;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import lc.c;
import lc.d;
import mb.InterfaceC2113a;
import org.bouncycastle.asn1.AbstractC2224l;
import org.bouncycastle.asn1.AbstractC2228p;
import org.bouncycastle.asn1.C2221i;
import org.bouncycastle.asn1.C2223k;
import org.bouncycastle.asn1.P;
import org.bouncycastle.asn1.S;
import r3.C2346a;
import rb.InterfaceC2380a;
import vb.b;
import yb.C2774a;
import yb.h;
import zb.InterfaceC2825b;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class ProvOcspRevocationChecker implements f {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final c helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private g parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C2223k("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(o.f237o, "SHA224WITHRSA");
        hashMap.put(o.l, "SHA256WITHRSA");
        hashMap.put(o.f233m, "SHA384WITHRSA");
        hashMap.put(o.f235n, "SHA512WITHRSA");
        hashMap.put(InterfaceC2113a.f42263m, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC2113a.f42264n, "GOST3411WITHECGOST3410");
        hashMap.put(a.f432g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(a.f433h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC1461a.f34385a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1461a.f34386b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1461a.f34387c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1461a.f34388d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1461a.f34389e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1461a.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC1588a.f34916a, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC1588a.f34917b, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC1588a.f34918c, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC1588a.f34919d, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC1588a.f34920e, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC2380a.f44138a, "XMSS");
        hashMap.put(InterfaceC2380a.f44139b, "XMSSMT");
        hashMap.put(new C2223k("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C2223k("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C2223k("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(n.f2676A0, "SHA1WITHECDSA");
        hashMap.put(n.f2679D0, "SHA224WITHECDSA");
        hashMap.put(n.f2680E0, "SHA256WITHECDSA");
        hashMap.put(n.f2681F0, "SHA384WITHECDSA");
        hashMap.put(n.f2682G0, "SHA512WITHECDSA");
        hashMap.put(InterfaceC2825b.f46832h, "SHA1WITHRSA");
        hashMap.put(InterfaceC2825b.f46831g, "SHA1WITHDSA");
        hashMap.put(b.f45905P, "SHA224WITHDSA");
        hashMap.put(b.f45906Q, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, c cVar) {
        this.parent = provRevocationChecker;
        this.helper = cVar;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(L.A(publicKey.getEncoded()).B().M());
    }

    private yb.b createCertID(C0593b c0593b, C0604m c0604m, C2221i c2221i) throws CertPathValidatorException {
        try {
            MessageDigest a6 = this.helper.a(d.a(c0593b.u()));
            return new yb.b(c0593b, new S(a6.digest(c0604m.H().t("DER"))), new S(a6.digest(c0604m.I().B().M())), c2221i);
        } catch (Exception e10) {
            throw new CertPathValidatorException("problem creating ID: " + e10, e10);
        }
    }

    private yb.b createCertID(yb.b bVar, C0604m c0604m, C2221i c2221i) throws CertPathValidatorException {
        return createCertID(bVar.u(), c0604m, c2221i);
    }

    private C0604m extractCert() throws CertPathValidatorException {
        try {
            return C0604m.w(this.parameters.d().getEncoded());
        } catch (Exception e10) {
            throw new CertPathValidatorException(Ab.n.l(e10, Ab.n.s("cannot process signing cert: ")), e10, this.parameters.a(), this.parameters.b());
        }
    }

    private static String getDigestName(C2223k c2223k) {
        String a6 = d.a(c2223k);
        int indexOf = a6.indexOf(45);
        if (indexOf <= 0 || a6.startsWith("SHA3")) {
            return a6;
        }
        return a6.substring(0, indexOf) + a6.substring(indexOf + 1);
    }

    static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C0610t.f2078R1.Q());
        if (extensionValue == null) {
            return null;
        }
        C0592a[] u10 = C0599h.w(AbstractC2224l.M(extensionValue).O()).u();
        for (int i10 = 0; i10 != u10.length; i10++) {
            C0592a c0592a = u10[i10];
            if (C0592a.f2014q.C(c0592a.w())) {
                C0612v u11 = c0592a.u();
                if (u11.A() == 6) {
                    try {
                        return new URI(((InterfaceC1707g) u11.w()).g());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C0593b c0593b) {
        InterfaceC1702b A = c0593b.A();
        if (A != null && !P.f42792c.B(A) && c0593b.u().C(o.f230k)) {
            return C2346a.j(new StringBuilder(), getDigestName(v.w(A).u().u()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c0593b.u());
        C2223k u10 = c0593b.u();
        return containsKey ? (String) map.get(u10) : u10.Q();
    }

    private static X509Certificate getSignerCert(C2774a c2774a, X509Certificate x509Certificate, X509Certificate x509Certificate2, c cVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        h w5 = c2774a.C().w();
        byte[] u10 = w5.u();
        if (u10 != null) {
            MessageDigest a6 = cVar.a("SHA1");
            if (x509Certificate2 != null && Arrays.equals(u10, calcKeyHash(a6, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(u10, calcKeyHash(a6, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        Hb.a aVar = Hb.a.f;
        Gb.c u11 = Gb.c.u(aVar, w5.w());
        if (x509Certificate2 != null && u11.equals(Gb.c.u(aVar, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !u11.equals(Gb.c.u(aVar, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(h hVar, X509Certificate x509Certificate, c cVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] u10 = hVar.u();
        if (u10 != null) {
            return Arrays.equals(u10, calcKeyHash(cVar.a("SHA1"), x509Certificate.getPublicKey()));
        }
        Hb.a aVar = Hb.a.f;
        return Gb.c.u(aVar, hVar.w()).equals(Gb.c.u(aVar, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean validatedOcspResponse(C2774a c2774a, g gVar, byte[] bArr, X509Certificate x509Certificate, c cVar) throws CertPathValidatorException {
        try {
            AbstractC2228p u10 = c2774a.u();
            Signature createSignature = cVar.createSignature(getSignatureName(c2774a.B()));
            X509Certificate signerCert = getSignerCert(c2774a, gVar.d(), x509Certificate, cVar);
            if (signerCert == null && u10 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) cVar.e("X.509").generateCertificate(new ByteArrayInputStream(u10.O(0).f().getEncoded()));
                x509Certificate2.verify(gVar.d().getPublicKey());
                x509Certificate2.checkValidity(gVar.e());
                if (!responderMatches(c2774a.C().w(), x509Certificate2, cVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, gVar.a(), gVar.b());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(B.f1933d.u())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, gVar.a(), gVar.b());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c2774a.C().t("DER"));
            if (!createSignature.verify(c2774a.A().M())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c2774a.C().A().u(yb.d.f46593b).w().O())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, gVar.a(), gVar.b());
            }
            return true;
        } catch (IOException e10) {
            throw new CertPathValidatorException(androidx.appcompat.view.g.j(e10, Ab.n.s("OCSP response failure: ")), e10, gVar.a(), gVar.b());
        } catch (CertPathValidatorException e11) {
            throw e11;
        } catch (GeneralSecurityException e12) {
            StringBuilder s3 = Ab.n.s("OCSP response failure: ");
            s3.append(e12.getMessage());
            throw new CertPathValidatorException(s3.toString(), e12, gVar.a(), gVar.b());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x019a, code lost:
    
        if (r0.u().equals(r1.u().u()) != false) goto L66;
     */
    @Override // hc.f
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 649
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z10) throws CertPathValidatorException {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = Pc.g.b("ocsp.enable");
        this.ocspURL = Pc.g.a("ocsp.responderURL");
    }

    @Override // hc.f
    public void initialize(g gVar) {
        this.parameters = gVar;
        this.isEnabledOCSP = Pc.g.b("ocsp.enable");
        this.ocspURL = Pc.g.a("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void setParameter(String str, Object obj) {
    }
}
