package ru.CryptoPro.AdES.evidence.ocsp;

import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.RevokedInfo;
import org.bouncycastle.asn1.ocsp.SingleResponse;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import ru.CryptoPro.AdES.AdESConfig;
import ru.CryptoPro.AdES.AdESConfigParameters;
import ru.CryptoPro.AdES.certificate.CertificateItem;
import ru.CryptoPro.AdES.evidence.Evidence;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.AdES.tools.revocation.RevocationURL;
import ru.CryptoPro.AdES.tools.revocation.RevocationURLCollection;
import ru.CryptoPro.AdES.tools.revocation.data.RevocationMethod;
import ru.CryptoPro.AdES.tools.revocation.data.ValidatingData;
import ru.CryptoPro.AdES.tools.revocation.impl.CollectionRevocationURLStrategy;
import ru.CryptoPro.AdES.tools.revocation.impl.DefaultRevocationURLStrategy;
import ru.CryptoPro.AdES.tools.revocation.impl.DefaultValidatingData;
import ru.CryptoPro.AdES.tools.revocation.impl.ResponderRevocationURLStrategy;
import ru.CryptoPro.AdES.tools.revocation.impl.SingleRevocationURLStrategy;
import ru.CryptoPro.AdES.tools.revocation.template.RevocationURLStrategy;
import ru.CryptoPro.JCP.tools.JCPLogger;

/* loaded from: classes4.dex */
public class OCSPEvidenceCollectorImpl extends OCSPEvidenceCollector {
    private static final String OUT_OF_SYNC_FORMAT = "TSP and OCSP services' time is out of sync (max delay: %d ms); TSP time: %s, OCSP time (produced): %s";

    private void checkIfRevoked(BasicOCSPResp basicOCSPResp, X509Certificate x509Certificate) throws AdESException {
        CertificateStatus certStatus = basicOCSPResp.getResponses()[0].getCertStatus();
        if (certStatus != CertificateStatus.GOOD) {
            if (certStatus instanceof RevokedInfo) {
                throw new AdESException("OCSP status of certificate: sn " + x509Certificate.getSerialNumber().toString(16) + ", subject " + x509Certificate.getSubjectDN() + ", issuer " + x509Certificate.getIssuerDN() + " is REVOKED!", AdESException.ecRevocationCertificateStatusIsRevoked);
            }
            throw new AdESException("OCSP status of certificate: sn " + x509Certificate.getSerialNumber().toString(16) + ", subject " + x509Certificate.getSubjectDN() + ", issuer " + x509Certificate.getIssuerDN() + " is UNKNOWN.", AdESException.ecRevocationCertificateStatusIsUnknown);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:57:0x0193 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:60:0x0014 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private ru.CryptoPro.AdES.evidence.Evidence<org.bouncycastle.asn1.ocsp.BasicOCSPResponse> getEvidence(java.util.Collection<ru.CryptoPro.AdES.tools.revocation.RevocationURL> r17, ru.CryptoPro.AdES.tools.revocation.data.ValidatingData r18, java.security.cert.X509Certificate r19, java.util.Date r20) throws ru.CryptoPro.AdES.exception.AdESException {
        /*
            Method dump skipped, instructions count: 531
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.AdES.evidence.ocsp.OCSPEvidenceCollectorImpl.getEvidence(java.util.Collection, ru.CryptoPro.AdES.tools.revocation.data.ValidatingData, java.security.cert.X509Certificate, java.util.Date):ru.CryptoPro.AdES.evidence.Evidence");
    }

    private Evidence<BasicOCSPResponse> getEvidence(CertificateItem certificateItem, X509Certificate x509Certificate) throws AdESException {
        DefaultValidatingData defaultValidatingData = new DefaultValidatingData(certificateItem.getCertificate(), x509Certificate, certificateItem.getCertificateRole(), RevocationMethod.OCSP);
        ArrayList arrayList = new ArrayList();
        if (this.options != null) {
            JCPLogger.fine("Loading optional OCSP url(s)...");
            RevocationURLStrategy<?> revocationURLStrategy = this.options.getRevocationURLStrategy();
            if (revocationURLStrategy != null) {
                if (revocationURLStrategy instanceof CollectionRevocationURLStrategy) {
                    RevocationURLCollection revocationURLCollection = ((CollectionRevocationURLStrategy) revocationURLStrategy).get(defaultValidatingData);
                    if (revocationURLCollection != null) {
                        arrayList.addAll(revocationURLCollection.get());
                    }
                } else {
                    if (!(revocationURLStrategy instanceof SingleRevocationURLStrategy)) {
                        throw new AdESException("Unknown strategy: " + revocationURLStrategy.getClass().getName(), AdESException.ecInternal);
                    }
                    RevocationURL revocationURL = ((SingleRevocationURLStrategy) revocationURLStrategy).get(defaultValidatingData);
                    if (revocationURL != null) {
                        arrayList.add(revocationURL);
                    }
                }
            }
        }
        JCPLogger.fine("Resolving default (AIA) OCSP url(s)...");
        arrayList.addAll(new DefaultRevocationURLStrategy().get((ValidatingData) defaultValidatingData).get());
        JCPLogger.fine("Resolving static responder OCSP url...");
        RevocationURL revocationURL2 = new ResponderRevocationURLStrategy().get((ValidatingData) defaultValidatingData);
        if (revocationURL2 != null) {
            arrayList.add(revocationURL2);
        }
        JCPLogger.fine("Collecting OCSP evidences...");
        return getEvidence(arrayList, defaultValidatingData, x509Certificate, null);
    }

    private boolean needRecall(Date date, SingleResponse singleResponse, Date date2) throws AdESException {
        try {
            JCPLogger.fine("Recalling OCSP service...");
            Date date3 = singleResponse.getThisUpdate().getDate();
            if (!date3.before(this.internalDate)) {
                return false;
            }
            JCPLogger.fineFormat("OCSP.thisUpdate {0} is before the TSP time {1}. Need to retry.", date3, this.internalDate);
            if ((date2 == null ? 0L : Calendar.getInstance().getTime().getTime() - date2.getTime()) > AdESConfigParameters.TIMEOUT_MAX) {
                throw new AdESException("Time of call has been exhausted. You should try to sign or enhance again later.", AdESException.ecOnlineCallFailed);
            }
            long time = this.internalDate.getTime() - date.getTime();
            if (time < 200) {
                time = 200;
            }
            long serviceDesyncTimeout = AdESConfig.getServiceDesyncTimeout();
            if (time > serviceDesyncTimeout) {
                throw new AdESException(String.format(OUT_OF_SYNC_FORMAT, Long.valueOf(serviceDesyncTimeout), this.internalDate, date), AdESException.ecOnlineCallFailed);
            }
            JCPLogger.fineFormat("Will try to retrieve an OCSP response again after {0}  ms.", Long.valueOf(time));
            try {
                Thread.sleep(time);
            } catch (InterruptedException unused) {
            }
            return true;
        } catch (ParseException e) {
            JCPLogger.thrown(e);
            return true;
        }
    }

    @Override // ru.CryptoPro.AdES.evidence.SingleEvidenceCollector
    public Evidence<BasicOCSPResponse> make(CertificateItem certificateItem, X509Certificate x509Certificate) throws AdESException {
        return getEvidence(certificateItem, x509Certificate);
    }
}
