package iaik.x509.ocsp;

import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CON_SPEC;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.INTEGER;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.asn1.structures.GeneralName;
import iaik.utils.Util;
import iaik.x509.V3Extension;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.ocsp.extensions.Nonce;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: classes.dex */
public class BasicOCSPResponse extends Response {

    /* renamed from: a, reason: collision with root package name */
    static Class f1389a;

    /* renamed from: b, reason: collision with root package name */
    static Class f1390b;
    public static final ObjectID responseType = ObjectID.basicOcspResponse;

    /* renamed from: c, reason: collision with root package name */
    private ASN1 f1391c;
    private int d;
    private ResponderID e;
    private ChoiceOfTime f;
    private SingleResponse[] g;
    private OCSPExtensions h;
    private AlgorithmID i;
    private X509Certificate[] j;
    private byte[] k;
    private boolean l;

    public BasicOCSPResponse() {
        this.d = 1;
        a();
        this.f1391c = new ASN1();
    }

    public BasicOCSPResponse(InputStream inputStream) {
        decode(inputStream);
    }

    public BasicOCSPResponse(byte[] bArr) {
        decode(bArr);
    }

    private void a() {
        this.l = true;
        this.f1391c = null;
    }

    private void b() {
        if (this.l) {
            throw new RuntimeException("Cannot perform operation, certificate has to be signed first");
        }
    }

    private void c() {
        this.l = false;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    private void d() {
        int i;
        Class cls;
        Class cls2;
        ASN1Object componentAt = this.f1391c.getComponentAt(0);
        this.i = new AlgorithmID(this.f1391c.getComponentAt(1));
        this.k = (byte[]) ((BIT_STRING) this.f1391c.getComponentAt(2)).getValue();
        if (this.f1391c.countComponents() == 4) {
            ASN1Object aSN1Object = (ASN1Object) this.f1391c.getComponentAt(3).getValue();
            if (f1389a == null) {
                cls2 = class$("iaik.x509.X509Certificate");
                f1389a = cls2;
            } else {
                cls2 = f1389a;
            }
            this.j = (X509Certificate[]) ASN.parseSequenceOf(aSN1Object, cls2);
        }
        ASN1Object componentAt2 = componentAt.getComponentAt(0);
        if (componentAt2.isA(ASN.CON_SPEC) && componentAt2.getAsnType().getTag() == 0) {
            this.d = ((BigInteger) ((ASN1Object) componentAt2.getValue()).getValue()).intValue() + 1;
            i = 1;
        } else {
            i = 0;
        }
        this.e = new ResponderID(componentAt.getComponentAt(i + 0));
        this.f = new ChoiceOfTime(componentAt.getComponentAt(i + 1));
        ASN1Object componentAt3 = componentAt.getComponentAt(i + 2);
        if (f1390b == null) {
            cls = class$("iaik.x509.ocsp.SingleResponse");
            f1390b = cls;
        } else {
            cls = f1390b;
        }
        this.g = (SingleResponse[]) ASN.parseSequenceOf(componentAt3, cls);
        int i2 = i + 3;
        if (i2 < componentAt.countComponents()) {
            this.h = new OCSPExtensions((ASN1Object) componentAt.getComponentAt(i2).getValue());
        }
        this.f1391c.clearASN1Object();
        this.l = false;
    }

    private ASN1Object e() {
        if (this.e == null) {
            throw new OCSPException("Responder ID not set!");
        }
        if (this.f == null) {
            throw new OCSPException("ProducedAt date not set!");
        }
        if (this.g == null || this.g.length == 0) {
            throw new OCSPException("No single responses set!");
        }
        try {
            SEQUENCE sequence = new SEQUENCE();
            if (this.d > 1) {
                sequence.addComponent(new CON_SPEC(0, new INTEGER(this.d - 1)));
            }
            sequence.addComponent(this.e.toASN1Object());
            sequence.addComponent(this.f.toASN1Object());
            sequence.addComponent(ASN.createSequenceOf(this.g));
            if (this.h != null && this.h.countExtensions() > 0) {
                sequence.addComponent(new CON_SPEC(1, this.h.toASN1Object()));
            }
            return sequence;
        } catch (Exception e) {
            throw new OCSPException(e.toString());
        }
    }

    public void addExtension(V3Extension v3Extension) {
        if (this.h == null) {
            this.h = new OCSPExtensions();
        }
        this.h.addExtension(v3Extension);
        a();
    }

    public boolean containsCertificates() {
        return this.j != null && this.j.length > 0;
    }

    public int countExtensions() {
        if (this.h == null) {
            return 0;
        }
        return this.h.countExtensions();
    }

    public int countSingleResponses() {
        return this.g.length;
    }

    public void decode(ASN1Object aSN1Object) {
        this.f1391c = new ASN1(aSN1Object);
        try {
            d();
        } catch (Exception e) {
            throw new CodingException(e.toString());
        }
    }

    public void decode(InputStream inputStream) {
        try {
            this.f1391c = new ASN1(inputStream);
            d();
        } catch (CodingException e) {
            throw new IOException(e.toString());
        } catch (X509ExtensionException e2) {
            throw new IOException(e2.toString());
        }
    }

    @Override // iaik.x509.ocsp.Response
    public void decode(byte[] bArr) {
        try {
            this.f1391c = new ASN1(bArr);
            d();
        } catch (X509ExtensionException e) {
            throw new CodingException(e.toString());
        }
    }

    @Override // iaik.x509.ocsp.Response
    public CertificateResponse getCertificateResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, GeneralName generalName) {
        if (this.g == null) {
            return null;
        }
        OCSPException oCSPException = null;
        for (int i = 0; i < this.g.length; i++) {
            SingleResponse singleResponse = this.g[i];
            try {
            } catch (OCSPException e) {
                if (oCSPException == null) {
                    oCSPException = e;
                }
            }
            if (singleResponse.isResponseFor(x509Certificate, x509Certificate2, generalName)) {
                return singleResponse;
            }
        }
        if (oCSPException != null) {
            throw new OCSPException(new StringBuffer("Cannot check single responses. ").append(oCSPException.getMessage()).toString());
        }
        return null;
    }

    @Override // iaik.x509.ocsp.Response
    public CertificateResponse getCertificateResponse(ReqCert reqCert) {
        boolean z;
        boolean z2;
        if (this.g != null) {
            int i = 0;
            boolean z3 = false;
            boolean z4 = false;
            while (i < this.g.length) {
                SingleResponse singleResponse = this.g[i];
                if (singleResponse.isResponseFor(reqCert)) {
                    return singleResponse;
                }
                if (reqCert.getType() != singleResponse.getReqCert().getType()) {
                    z = z3;
                    z2 = true;
                } else {
                    if (!z3 && reqCert.getType() == 0) {
                        if (!((CertID) reqCert.getReqCert()).getHashAlgorithm().equals(((CertID) singleResponse.getReqCert().getReqCert()).getHashAlgorithm())) {
                            z = true;
                            z2 = z4;
                        }
                    }
                    z = z3;
                    z2 = z4;
                }
                i++;
                z4 = z2;
                z3 = z;
            }
            if (z4 || z3) {
                String str = z3 ? "certIDs with different hash algorithms" : "";
                StringBuffer append = new StringBuffer().append("No response found, but some responses have ");
                if (z4) {
                    str = new StringBuffer("different ReqCert types ").append(z3 ? new StringBuffer("or ").append(str).toString() : "").toString();
                } else if (!z3) {
                    str = "";
                }
                throw new OCSPException(append.append(str).toString());
            }
        }
        return null;
    }

    public X509Certificate[] getCertificates() {
        return this.j;
    }

    @Override // iaik.x509.ocsp.Response
    public byte[] getEncoded() {
        b();
        return this.f1391c.toByteArray();
    }

    public V3Extension getExtension(ObjectID objectID) {
        if (this.h == null) {
            return null;
        }
        return this.h.getExtension(objectID);
    }

    public byte[] getNonce() {
        Nonce nonce = (Nonce) getExtension(Nonce.oid);
        if (nonce == null) {
            return null;
        }
        return nonce.getValue();
    }

    public Date getProducedAt() {
        if (this.f == null) {
            return null;
        }
        return this.f.getDate();
    }

    public ResponderID getResponderID() {
        return this.e;
    }

    @Override // iaik.x509.ocsp.Response
    public ObjectID getResponseType() {
        return responseType;
    }

    public byte[] getSignature() {
        return this.k;
    }

    public AlgorithmID getSignatureAlgorithm() {
        return this.i;
    }

    public X509Certificate getSignerCertificate() {
        if (this.j != null && this.e != null) {
            for (int i = 0; i < this.j.length; i++) {
                if (this.e.isResponderIdFor(this.j[i])) {
                    return this.j[i];
                }
                continue;
            }
        }
        return null;
    }

    public SingleResponse getSingleResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, GeneralName generalName) {
        return (SingleResponse) getCertificateResponse(x509Certificate, x509Certificate2, generalName);
    }

    public SingleResponse getSingleResponse(ReqCert reqCert) {
        return (SingleResponse) getCertificateResponse(reqCert);
    }

    public SingleResponse[] getSingleResponses() {
        return this.g;
    }

    public byte[] getTBSResponseData() {
        try {
            return (this.f1391c == null || this.f1391c.toByteArray() == null) ? DerCoder.encode(e()) : this.f1391c.getFirstObject();
        } catch (OCSPException e) {
            throw new CodingException(e.toString());
        }
    }

    public int getVersion() {
        return this.d;
    }

    public boolean hasExtensions() {
        if (this.h == null) {
            return false;
        }
        return this.h.hasExtensions();
    }

    public boolean hasUnsupportedCriticalExtension() {
        if (this.h == null) {
            return false;
        }
        return this.h.hasUnsupportedCriticalExtension();
    }

    public Enumeration listExtensions() {
        if (this.h == null) {
            return null;
        }
        return this.h.listExtensions();
    }

    public void removeAllExtensions() {
        if (this.h != null) {
            this.h.removeAllExtensions();
            a();
        }
        this.h = null;
    }

    public boolean removeExtension(ObjectID objectID) {
        boolean removeExtension = this.h == null ? false : this.h.removeExtension(objectID);
        if (removeExtension) {
            a();
        }
        return removeExtension;
    }

    public void setCertificates(X509Certificate[] x509CertificateArr) {
        this.j = x509CertificateArr;
        a();
    }

    public void setNonce(byte[] bArr) {
        addExtension(new Nonce(bArr));
    }

    public void setProducedAt(Date date) {
        this.f = new ChoiceOfTime(date, ASN.GeneralizedTime, false);
        a();
    }

    public void setResponderID(ResponderID responderID) {
        this.e = responderID;
        a();
    }

    public void setSignature(AlgorithmID algorithmID, byte[] bArr) {
        if (algorithmID == null) {
            throw new OCSPException("Cannot set signature! No signature algorithm specified!");
        }
        if (bArr == null || bArr.length == 0) {
            throw new OCSPException("Cannot set empty signature value!");
        }
        this.i = algorithmID;
        this.k = bArr;
        ASN1Object e = e();
        try {
            BIT_STRING bit_string = new BIT_STRING(this.k);
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(e);
            sequence.addComponent(this.i.toASN1Object());
            sequence.addComponent(bit_string);
            if (this.j != null && this.j.length > 0) {
                sequence.addComponent(new CON_SPEC(0, ASN.createSequenceOf(this.j)));
            }
            this.f1391c = new ASN1(sequence);
            this.l = false;
        } catch (CodingException e2) {
            throw new OCSPException(e2.toString());
        }
    }

    public void setSingleResponses(SingleResponse[] singleResponseArr) {
        this.g = singleResponseArr;
        a();
        if (this.g != null) {
            for (int i = 0; i < this.g.length; i++) {
                if (this.g[i].getReqCert().getType() != 0) {
                    this.d = 2;
                    return;
                }
            }
        }
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey) {
        sign(algorithmID, privateKey, null);
    }

    public void sign(AlgorithmID algorithmID, PrivateKey privateKey, String str) {
        AlgorithmParameters signatureParameters;
        if (algorithmID == null) {
            throw new OCSPException("Cannot sign response! No signature algorithm specified!");
        }
        this.i = algorithmID;
        Signature signatureInstance = this.i.getSignatureInstance(str);
        signatureInstance.initSign(privateKey);
        try {
            if (!AlgorithmID.getDoNotIncludeParameters(this.i) && !this.i.hasParameters() && (signatureParameters = Util.getSignatureParameters(signatureInstance)) != null) {
                this.i.setAlgorithmParameters(signatureParameters);
            }
        } catch (Exception e) {
        }
        ASN1Object e2 = e();
        try {
            signatureInstance.update(DerCoder.encode(e2));
            this.k = signatureInstance.sign();
            BIT_STRING bit_string = new BIT_STRING(this.k);
            SEQUENCE sequence = new SEQUENCE();
            sequence.addComponent(e2);
            sequence.addComponent(this.i.toASN1Object());
            sequence.addComponent(bit_string);
            if (this.j != null && this.j.length > 0) {
                sequence.addComponent(new CON_SPEC(0, ASN.createSequenceOf(this.j)));
            }
            this.f1391c = new ASN1(sequence);
            this.l = false;
        } catch (CodingException e3) {
            throw new OCSPException(e3.toString());
        } catch (SignatureException e4) {
            throw new OCSPException(e4.toString());
        }
    }

    public ASN1Object toASN1Object() {
        b();
        return this.f1391c.toASN1Object();
    }

    @Override // iaik.x509.ocsp.Response
    public String toString() {
        return toString(false);
    }

    public String toString(boolean z) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(new StringBuffer("Version: ").append(this.d).append("\n").toString());
        stringBuffer.append(new StringBuffer("ResponderID: ").append(this.e).append("\n").toString());
        stringBuffer.append(new StringBuffer("ProducedAt: ").append(this.f).append("\n").toString());
        if (z) {
            for (int i = 0; i < this.g.length; i++) {
                stringBuffer.append(new StringBuffer("singleResponse ").append(i).append(": {\n").toString());
                Util.printIndented(this.g[i].toString(true), true, "  ", stringBuffer);
                stringBuffer.append("\n}");
            }
        } else {
            stringBuffer.append(new StringBuffer("singleResponses: ").append(this.g.length).toString());
        }
        stringBuffer.append("\n");
        if (this.h != null) {
            if (z) {
                stringBuffer.append(this.h);
            } else {
                stringBuffer.append(new StringBuffer("Extensions: ").append(this.h.countExtensions()).toString());
                stringBuffer.append("\n");
            }
        }
        stringBuffer.append(new StringBuffer("Signature algorithm: ").append(this.i).append("\n").toString());
        if (this.j != null) {
            stringBuffer.append(new StringBuffer("certificates: ").append(this.j.length).append("\n").toString());
        }
        return stringBuffer.toString();
    }

    public X509Certificate verify() {
        if (this.j == null || this.j.length == 0) {
            throw new OCSPException("Cannot verify request. No certificates included.");
        }
        X509Certificate signerCertificate = getSignerCertificate();
        if (signerCertificate == null) {
            X509Certificate[] arrangeCertificateChain = Util.arrangeCertificateChain(this.j, false);
            signerCertificate = (arrangeCertificateChain == null || arrangeCertificateChain.length <= 0) ? this.j[0] : arrangeCertificateChain[0];
        }
        verify(signerCertificate.getPublicKey());
        return signerCertificate;
    }

    public void verify(PublicKey publicKey) {
        verify(publicKey, null);
    }

    public void verify(PublicKey publicKey, String str) {
        b();
        Signature signatureInstance = this.i.getSignatureInstance(str);
        try {
            byte[] firstObject = this.f1391c.getFirstObject();
            signatureInstance.initVerify(publicKey);
            signatureInstance.update(firstObject);
            if (!signatureInstance.verify(this.k)) {
                throw new SignatureException("Signature verification error!");
            }
        } catch (CodingException e) {
            throw new SignatureException(e.toString());
        }
    }

    public void writeTo(OutputStream outputStream) {
        b();
        this.f1391c.writeTo(outputStream);
    }
}
