package uz.yt.cams.pki.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.x509.AccessDescription;
import org.spongycastle.asn1.x509.AuthorityInformationAccess;
import org.spongycastle.asn1.x509.CRLReason;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cert.ocsp.OCSPException;
import org.spongycastle.cert.ocsp.RevokedStatus;
import org.spongycastle.cert.ocsp.SingleResp;
import org.spongycastle.cert.ocsp.UnknownStatus;
import org.spongycastle.operator.OperatorCreationException;
import uz.yt.cams.pki.client.OcspClient;
import uz.yt.cams.pki.dto.CertificateIdInfo;
import uz.yt.cams.pki.dto.RevokedStatusInfo;
import uz.yt.cams.pki.exception.CertificateVerificationException;
import uz.yt.cams.pki.exception.ConnectionException;
import uz.yt.cams.pki.exception.ProviderException;
import uz.yt.cams.pki.exception.RequestGenerationException;

/* loaded from: classes2.dex */
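/**
 * Checks certificate revocation status over OCSP.
 *
 * <p>The responder URL is read from the Authority Information Access (AIA) extension of the
 * certificate being checked, so it is untrusted input: the certificate itself decides which
 * endpoint this class contacts. Only {@code http} and {@code https} URLs are accepted here; the
 * host is not restricted, so network egress policy has to cover that.
 *
 * <p>NOTE(review): response signature, responder-certificate and nonce validation are presumably
 * performed inside {@link OcspClient} using the trusted-certificate provider; none of that is
 * visible in this class, so confirm before relying on the recorded status. This class records
 * {@code thisUpdate}/{@code nextUpdate} but does not compare them with the current time.
 */
public class DefaultCertificateStatusProvder implements CertificateStatusProvder {
    private static final Logger LOG = Logger.getLogger(DefaultCertificateStatusProvder.class.getName());
    private final Provider provider;
    private final X509CertificateHolder requestorCertificate;
    private final PrivateKey requestorPrivateKey;
    private final TrustedCertificateProvider rootCertificateProvider;

    /**
     * Creates a status provider that has no requestor certificate or private key.
     *
     * @param provider JCA provider handed to {@link OcspClient}
     * @param trustedCertificateProvider trusted-certificate source handed to {@link OcspClient}
     */
    public DefaultCertificateStatusProvder(Provider provider, TrustedCertificateProvider trustedCertificateProvider) {
        this(provider, trustedCertificateProvider, null, null);
    }

    /**
     * Creates a status provider with a requestor certificate and private key.
     *
     * @param provider JCA provider handed to {@link OcspClient}
     * @param trustedCertificateProvider trusted-certificate source handed to {@link OcspClient}
     * @param x509CertificateHolder requestor certificate handed to {@link OcspClient}
     * @param privateKey requestor private key handed to {@link OcspClient}
     */
    public DefaultCertificateStatusProvder(Provider provider, TrustedCertificateProvider trustedCertificateProvider, X509CertificateHolder x509CertificateHolder, PrivateKey privateKey) {
        this.provider = provider;
        this.rootCertificateProvider = trustedCertificateProvider;
        this.requestorCertificate = x509CertificateHolder;
        this.requestorPrivateKey = privateKey;
    }

    /**
     * Parses a responder location and accepts it only when it is an {@code http(s)} URL.
     *
     * <p>{@link URL} also understands schemes such as {@code file:} or {@code jar:}; a location
     * taken from a certificate must never be able to select one of those.
     *
     * @param location responder location, may be {@code null}
     * @return the parsed URL
     * @throws MalformedURLException if the location is missing, unparsable, or not http/https
     */
    private static URL toOcspUrl(String location) throws MalformedURLException {
        if (location == null) {
            throw new MalformedURLException("No OCSP responder URL available");
        }
        URL url = new URL(location);
        String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            throw new MalformedURLException("Unsupported OCSP responder URL scheme: " + protocol);
        }
        return url;
    }

    /** Stores a failed check on the DTO and logs its type and message. */
    private static void recordFailure(CertificateIdInfo certificateIdInfo, Exception failure) {
        certificateIdInfo.setException(failure);
        LOG.log(Level.WARNING, "{0}: {1}", new Object[]{failure.getClass().getSimpleName(), failure.getMessage()});
    }

    /** Sends one OCSP request for the given issuer and serial numbers to {@code url}. */
    private BasicOCSPResp check(URL url, X509CertificateHolder x509CertificateHolder, BigInteger[] bigIntegerArr) throws RequestGenerationException, ConnectionException, OCSPException, OperatorCreationException, SignatureException {
        return new OcspClient(this.provider, url, this.rootCertificateProvider, this.requestorCertificate, this.requestorPrivateKey).getOCSPResp(x509CertificateHolder, bigIntegerArr);
    }

    /**
     * Queries the responder at {@code str} for one certificate and writes the outcome into the DTO.
     *
     * <p>Every checked failure is stored with {@code setException} and logged; nothing is rethrown.
     *
     * @param str responder URL taken from the certificate, may be {@code null}
     * @param certificateIdInfo certificate pair to check; receives the raw response and the status
     */
    private void check(String str, CertificateIdInfo certificateIdInfo) {
        try {
            LOG.log(Level.INFO, "TRY OCSP : {0}", new Object[]{str});
            X509CertificateHolder issuer = new X509CertificateHolder(certificateIdInfo.getIssuerCertificate().getEncoded());
            BigInteger serialNumber = certificateIdInfo.getSubjectCertificate().getSerialNumber();
            BasicOCSPResp response = check(toOcspUrl(str), issuer, new BigInteger[]{serialNumber});
            certificateIdInfo.setOCSPResponse(response.getEncoded());
            boolean matched = false;
            for (SingleResp singleResp : response.getResponses()) {
                // Entries are matched on the serial number only; the issuer hashes inside the
                // CertID are not compared here.
                if (singleResp.getCertID().getSerialNumber().equals(serialNumber)) {
                    matched = true;
                    applyStatus(singleResp, certificateIdInfo);
                }
            }
            if (!matched) {
                // The DTO is left without a status; make that visible instead of passing silently.
                LOG.log(Level.WARNING, "OCSP RESPONSE HAS NO ENTRY FOR CERTIFICATE {0}", new Object[]{serialNumber.toString(16)});
            }
        } catch (SignatureException | OCSPException | OperatorCreationException | ConnectionException | RequestGenerationException e) {
            recordFailure(certificateIdInfo, e);
        } catch (IOException | CertificateEncodingException e) {
            recordFailure(certificateIdInfo, e);
        }
    }

    /**
     * Copies one OCSP entry into the DTO.
     *
     * <p>A {@code null} certificate status is treated as "good". Any other status clears the valid
     * flag first, so a DTO that is checked again cannot keep an earlier "good" verdict.
     */
    private static void applyStatus(SingleResp singleResp, CertificateIdInfo certificateIdInfo) {
        certificateIdInfo.setStatusUpdatedAt(singleResp.getThisUpdate());
        certificateIdInfo.setStatusNextUpdateAt(singleResp.getNextUpdate());
        Object status = singleResp.getCertStatus();
        if (status == null) {
            LOG.log(Level.INFO, "CERTIFICATE STATUS IS GOOD : {0}, updated: {1}, next update: {2}", new Object[]{singleResp.getCertID().getSerialNumber().toString(16), singleResp.getThisUpdate(), singleResp.getNextUpdate()});
            certificateIdInfo.setStatusValid(true);
            return;
        }
        certificateIdInfo.setStatusValid(false);
        if (status instanceof UnknownStatus) {
            LOG.log(Level.WARNING, "CERTIFICATE {0} IS NOT FOUND, updated: {1}, next update: {2}", new Object[]{singleResp.getCertID().getSerialNumber().toString(16), singleResp.getThisUpdate(), singleResp.getNextUpdate()});
        }
        if (status instanceof RevokedStatus) {
            RevokedStatus revokedStatus = (RevokedStatus) status;
            RevokedStatusInfo revokedStatusInfo = new RevokedStatusInfo(revokedStatus.getRevocationTime());
            certificateIdInfo.setRevokedStatusInfo(revokedStatusInfo);
            if (revokedStatus.hasRevocationReason()) {
                revokedStatusInfo.setCrlReason(CRLReason.lookup(revokedStatus.getRevocationReason()).toString());
            }
            LOG.log(Level.WARNING, "CERTIFICATE {0} REVOKED AT {1} WITH REASON {2}, updated: {3}, next update: {4}", new Object[]{singleResp.getCertID().getSerialNumber().toString(16), certificateIdInfo.getRevokedStatusInfo().getRevocationTime(), certificateIdInfo.getRevokedStatusInfo().getCrlReason(), singleResp.getThisUpdate(), singleResp.getNextUpdate()});
        }
    }

    /**
     * Reads the URI access locations from the certificate's AIA extension.
     *
     * @param x509Certificate certificate to inspect
     * @param ocspOnly when {@code true}, keep only entries whose access method is id-ad-ocsp
     * @return the URIs in extension order, possibly empty
     * @throws CertificateVerificationException if the extension is absent or cannot be decoded
     */
    private static List<String> readAccessLocations(X509Certificate x509Certificate, boolean ocspOnly) throws CertificateVerificationException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            throw new CertificateVerificationException("Certificate doesn't have authority information access points");
        }
        List<String> locations = new ArrayList<>();
        try {
            byte[] octets = ((DEROctetString) new ASN1InputStream(extensionValue).readObject()).getOctets();
            AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance((ASN1Sequence) new ASN1InputStream(octets).readObject());
            for (AccessDescription accessDescription : authorityInformationAccess.getAccessDescriptions()) {
                if (ocspOnly && !AccessDescription.id_ad_ocsp.equals(accessDescription.getAccessMethod())) {
                    continue;
                }
                GeneralName accessLocation = accessDescription.getAccessLocation();
                if (accessLocation.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    locations.add(DERIA5String.getInstance(accessLocation.getName()).getString());
                }
            }
        } catch (IOException | RuntimeException e) {
            // The extension bytes come from the certificate under test. A malformed structure can
            // surface as a cast or argument error rather than an IOException; report all of them
            // as a verification failure so one bad certificate cannot abort a whole batch.
            throw new CertificateVerificationException("Cannot read certificate to get OCSP URLs", e);
        }
        return locations;
    }

    /**
     * Returns every URI listed in the certificate's AIA extension, whatever its access method.
     *
     * @throws CertificateVerificationException if the extension is absent, unreadable, or holds no URI
     */
    private List<String> getAIALocations(X509Certificate x509Certificate) throws CertificateVerificationException {
        List<String> locations = readAccessLocations(x509Certificate, false);
        if (locations.isEmpty()) {
            throw new CertificateVerificationException("Cant get OCSP urls from certificate");
        }
        return locations;
    }

    /**
     * Picks the OCSP responder URL for a certificate.
     *
     * <p>Entries declared with the id-ad-ocsp access method win. The previous rule, the first AIA
     * URI whose text contains {@code "ocsp"}, is kept only as a fallback for certificates that do
     * not declare such an entry; it can also match a caIssuers location.
     *
     * @return the responder URL, or {@code null} when no entry qualifies
     * @throws CertificateVerificationException if the AIA extension is absent, unreadable, or holds no URI
     */
    private String getOcspUrl(X509Certificate x509Certificate) throws CertificateVerificationException {
        List<String> declared = readAccessLocations(x509Certificate, true);
        if (!declared.isEmpty()) {
            return declared.get(0);
        }
        for (String location : getAIALocations(x509Certificate)) {
            if (location.contains("ocsp")) {
                return location;
            }
        }
        return null;
    }

    /**
     * Requests the status of the given serial numbers from the responder at {@code str}.
     *
     * @param x509CertificateHolder issuer certificate of the serial numbers
     * @param bigIntegerArr serial numbers to query
     * @param str responder URL; must be http or https
     * @return the responder's basic OCSP response
     * @throws ProviderException if the URL is rejected or the request or response handling fails
     */
    @Override
    public BasicOCSPResp check(X509CertificateHolder x509CertificateHolder, BigInteger[] bigIntegerArr, String str) throws ProviderException {
        try {
            return check(toOcspUrl(str), x509CertificateHolder, bigIntegerArr);
        } catch (MalformedURLException | SignatureException | OCSPException | OperatorCreationException | ConnectionException | RequestGenerationException e) {
            throw new ProviderException(e);
        }
    }

    /**
     * Checks every entry of the list, grouped by responder URL.
     *
     * <p>Each certificate is still sent in its own request. Failures are stored on the affected
     * entry and do not stop the remaining checks.
     *
     * @param list certificates to check; each entry is updated in place
     */
    @Override
    public void check(List<CertificateIdInfo> list) {
        HashMap<String, List<Integer>> indexesByUrl = new HashMap<>();
        for (int i = 0; i < list.size(); i++) {
            CertificateIdInfo certificateIdInfo = list.get(i);
            try {
                // A null URL is a valid key here; the per-certificate check rejects it later.
                String ocspUrl = getOcspUrl(certificateIdInfo.getSubjectCertificate());
                List<Integer> indexes = indexesByUrl.get(ocspUrl);
                if (indexes == null) {
                    indexes = new ArrayList<>();
                    indexesByUrl.put(ocspUrl, indexes);
                }
                indexes.add(Integer.valueOf(i));
            } catch (CertificateVerificationException e) {
                certificateIdInfo.setException(e);
            }
        }
        for (String ocspUrl : indexesByUrl.keySet()) {
            for (Integer index : indexesByUrl.get(ocspUrl)) {
                check(ocspUrl, list.get(index.intValue()));
            }
        }
    }

    /**
     * Checks a single certificate against the responder named in its AIA extension.
     *
     * @param certificateIdInfo certificate to check; updated in place, failures are stored on it
     */
    @Override
    public void check(CertificateIdInfo certificateIdInfo) {
        try {
            check(getOcspUrl(certificateIdInfo.getSubjectCertificate()), certificateIdInfo);
        } catch (CertificateVerificationException e) {
            certificateIdInfo.setException(e);
        }
    }
}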
