package org.bouncycastle.jce.provider;

import dh.d0;
import dh.g0;
import dh.r1;
import dh.t1;
import dh.v;
import dh.w;
import gi.b0;
import gi.m0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import yh.x;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class m implements jm.o {

    /* renamed from: f, reason: collision with root package name */
    private static final Map f26707f;

    /* renamed from: a, reason: collision with root package name */
    private final n f26708a;

    /* renamed from: b, reason: collision with root package name */
    private final nm.d f26709b;

    /* renamed from: c, reason: collision with root package name */
    private jm.p f26710c;

    /* renamed from: d, reason: collision with root package name */
    private boolean f26711d;

    /* renamed from: e, reason: collision with root package name */
    private String f26712e;

    static {
        HashMap hashMap = new HashMap();
        f26707f = hashMap;
        hashMap.put(new v("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(yh.q.M2, "SHA224WITHRSA");
        hashMap.put(yh.q.J2, "SHA256WITHRSA");
        hashMap.put(yh.q.K2, "SHA384WITHRSA");
        hashMap.put(yh.q.L2, "SHA512WITHRSA");
        hashMap.put(jh.a.f21587n, "GOST3411WITHGOST3410");
        hashMap.put(jh.a.f21588o, "GOST3411WITHECGOST3410");
        hashMap.put(zh.a.f38003i, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(zh.a.f38004j, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(fm.a.f14598d, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(fm.a.f14599e, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(fm.a.f14600f, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(fm.a.f14601g, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(fm.a.f14602h, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(fm.a.f14603i, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(hm.a.f16211s, "SHA1WITHCVC-ECDSA");
        hashMap.put(hm.a.f16212t, "SHA224WITHCVC-ECDSA");
        hashMap.put(hm.a.f16213u, "SHA256WITHCVC-ECDSA");
        hashMap.put(hm.a.f16214v, "SHA384WITHCVC-ECDSA");
        hashMap.put(hm.a.f16215w, "SHA512WITHCVC-ECDSA");
        hashMap.put(ph.a.f27525a, "XMSS");
        hashMap.put(ph.a.f27526b, "XMSSMT");
        hashMap.put(new v("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new v("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new v("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(hi.m.f15973b1, "SHA1WITHECDSA");
        hashMap.put(hi.m.f15981f1, "SHA224WITHECDSA");
        hashMap.put(hi.m.f15983g1, "SHA256WITHECDSA");
        hashMap.put(hi.m.f15985h1, "SHA384WITHECDSA");
        hashMap.put(hi.m.f15987i1, "SHA512WITHECDSA");
        hashMap.put(xh.b.f35346k, "SHA1WITHRSA");
        hashMap.put(xh.b.f35345j, "SHA1WITHDSA");
        hashMap.put(th.b.X, "SHA224WITHDSA");
        hashMap.put(th.b.Y, "SHA256WITHDSA");
    }

    public m(n nVar, nm.d dVar) {
        this.f26708a = nVar;
        this.f26709b = dVar;
    }

    private static byte[] b(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(m0.o(publicKey.getEncoded()).p().G());
    }

    private wh.b c(gi.b bVar, gi.n nVar, dh.q qVar) throws CertPathValidatorException {
        try {
            MessageDigest f10 = this.f26709b.f(nm.e.b(bVar.n()));
            return new wh.b(bVar, new t1(f10.digest(nVar.z().m("DER"))), new t1(f10.digest(nVar.B().p().G())), qVar);
        } catch (Exception e10) {
            throw new CertPathValidatorException("problem creating ID: " + e10, e10);
        }
    }

    private wh.b d(wh.b bVar, gi.n nVar, dh.q qVar) throws CertPathValidatorException {
        return c(bVar.n(), nVar, qVar);
    }

    private gi.n e() throws CertPathValidatorException {
        try {
            return gi.n.o(this.f26710c.d().getEncoded());
        } catch (Exception e10) {
            throw new CertPathValidatorException("cannot process signing cert: " + e10.getMessage(), e10, this.f26710c.a(), this.f26710c.b());
        }
    }

    private static String f(v vVar) {
        String b10 = nm.e.b(vVar);
        int indexOf = b10.indexOf(45);
        if (indexOf <= 0 || b10.startsWith("SHA3")) {
            return b10;
        }
        return b10.substring(0, indexOf) + b10.substring(indexOf + 1);
    }

    static URI g(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(gi.t.A.L());
        if (extensionValue == null) {
            return null;
        }
        gi.a[] o10 = gi.h.p(w.H(extensionValue).J()).o();
        for (int i10 = 0; i10 != o10.length; i10++) {
            gi.a aVar = o10[i10];
            if (gi.a.f14907d.y(aVar.o())) {
                gi.v n10 = aVar.n();
                if (n10.q() == 6) {
                    try {
                        return new URI(((g0) n10.p()).f());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String h(gi.b bVar) {
        dh.g q10 = bVar.q();
        if (q10 == null || r1.f13137b.x(q10) || !bVar.n().y(yh.q.I2)) {
            Map map = f26707f;
            return map.containsKey(bVar.n()) ? (String) map.get(bVar.n()) : bVar.n().L();
        }
        return f(x.o(q10).n().n()) + "WITHRSAANDMGF1";
    }

    private static X509Certificate i(wh.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, nm.d dVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        wh.i o10 = aVar.t().o();
        byte[] o11 = o10.o();
        if (o11 != null) {
            MessageDigest f10 = dVar.f("SHA1");
            if (x509Certificate2 != null && io.a.c(o11, b(f10, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !io.a.c(o11, b(f10, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        ei.e eVar = fi.b.R;
        ei.c o12 = ei.c.o(eVar, o10.p());
        if (x509Certificate2 != null && o12.equals(ei.c.o(eVar, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !o12.equals(ei.c.o(eVar, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean l(wh.i iVar, X509Certificate x509Certificate, nm.d dVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] o10 = iVar.o();
        if (o10 != null) {
            return io.a.c(o10, b(dVar.f("SHA1"), x509Certificate.getPublicKey()));
        }
        ei.e eVar = fi.b.R;
        return ei.c.o(eVar, iVar.p()).equals(ei.c.o(eVar, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean m(wh.a aVar, jm.p pVar, byte[] bArr, X509Certificate x509Certificate, nm.d dVar) throws CertPathValidatorException {
        try {
            d0 n10 = aVar.n();
            Signature c10 = dVar.c(h(aVar.q()));
            X509Certificate i10 = i(aVar, pVar.d(), x509Certificate, dVar);
            if (i10 == null && n10 == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (i10 != null) {
                c10.initVerify(i10.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) dVar.h("X.509").generateCertificate(new ByteArrayInputStream(n10.K(0).e().getEncoded()));
                x509Certificate2.verify(pVar.d().getPublicKey());
                x509Certificate2.checkValidity(pVar.e());
                if (!l(aVar.t().o(), x509Certificate2, dVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, pVar.a(), pVar.b());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(b0.f14929l.n())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, pVar.a(), pVar.b());
                }
                c10.initVerify(x509Certificate2);
            }
            c10.update(aVar.t().m("DER"));
            if (!c10.verify(aVar.p().G())) {
                return false;
            }
            if (bArr != null && !io.a.c(bArr, aVar.t().p().n(wh.d.f34117c).p().J())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, pVar.a(), pVar.b());
            }
            return true;
        } catch (IOException e10) {
            throw new CertPathValidatorException("OCSP response failure: " + e10.getMessage(), e10, pVar.a(), pVar.b());
        } catch (CertPathValidatorException e11) {
            throw e11;
        } catch (GeneralSecurityException e12) {
            throw new CertPathValidatorException("OCSP response failure: " + e12.getMessage(), e12, pVar.a(), pVar.b());
        }
    }

    @Override // jm.o
    public void a(jm.p pVar) {
        this.f26710c = pVar;
        this.f26711d = io.m.d("ocsp.enable");
        this.f26712e = io.m.c("ocsp.responderURL");
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x01a0, code lost:
    
        if (r0.n().equals(r1.n().n()) != false) goto L66;
     */
    @Override // jm.o
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.m.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> j() {
        return null;
    }

    public void k(boolean z10) throws CertPathValidatorException {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f26710c = null;
        this.f26711d = io.m.d("ocsp.enable");
        this.f26712e = io.m.c("ocsp.responderURL");
    }
}
