package uz.yt.cams.pki.client;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.ocsp.BasicOCSPResp;
import org.spongycastle.cert.ocsp.CertificateID;
import org.spongycastle.cert.ocsp.OCSPException;
import org.spongycastle.cert.ocsp.OCSPReq;
import org.spongycastle.cert.ocsp.OCSPReqBuilder;
import org.spongycastle.cert.ocsp.OCSPResp;
import org.spongycastle.jcajce.util.yt.DefaultAlgParams;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import uz.yt.cams.pki.CertificatePathBuilderValidator;
import uz.yt.cams.pki.exception.ConnectionException;
import uz.yt.cams.pki.exception.RequestGenerationException;
import uz.yt.cams.pki.provider.TrustedCertificateProvider;

/* loaded from: classes2.dex */
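/**
 * Minimal OCSP client: builds a (optionally signed) OCSP request for one or more certificate
 * serial numbers, POSTs it to a fixed responder URL and returns the {@link BasicOCSPResp} once
 * its signature and the responder certificate path have been checked.
 *
 * <p>What this class checks on a response:
 * <ul>
 *   <li>the outer OCSP response status is "successful";</li>
 *   <li>the response signature verifies under the first certificate embedded in the response;</li>
 *   <li>that certificate builds and validates a path to a root supplied by the
 *       {@link TrustedCertificateProvider};</li>
 *   <li>a nonce echoed by the responder equals the nonce that was sent.</li>
 * </ul>
 *
 * <p>What this class does NOT check, and callers therefore have to evaluate themselves on the
 * returned object: the per-certificate status of each single response, the
 * {@code thisUpdate}/{@code nextUpdate} freshness window, and whether the responder certificate is
 * actually authorised to answer for the issuing CA (being the CA itself or carrying the
 * OCSP-signing extended key usage). NOTE(review): unless {@code CertificatePathBuilderValidator}
 * enforces responder authorisation internally, any certificate chaining to a trusted root is
 * accepted as a responder here — confirm against that class.
 */
public class OcspClient {
    private static final Logger LOG = Logger.getLogger(OcspClient.class.getName());
    public static final String PROVIDER_NAME = "BC";

    /** Source of unpredictable request nonces. */
    private static final SecureRandom NONCE_SOURCE = new SecureRandom();
    /** Nonce length in bytes. */
    private static final int NONCE_LENGTH_BYTES = 16;
    /** Connect timeout for the responder; without one a dead responder blocks the caller forever. */
    private static final int CONNECT_TIMEOUT_MILLIS = 15000;
    /** Read timeout for the responder. */
    private static final int READ_TIMEOUT_MILLIS = 30000;
    /** Upper bound on the response body; OCSP responses are small, so this only stops runaway bodies. */
    private static final int MAX_RESPONSE_BYTES = 1024 * 1024;

    private final URL ocspUrl;
    protected Provider provider;
    private final TrustedCertificateProvider rootCertificateProvider;
    private final X509CertificateHolder signerCertificate;
    private final PrivateKey signerPrivateKey;

    /**
     * Creates a client that sends unsigned requests.
     *
     * @param provider JCA provider used for digests, signature verification and certificate conversion
     * @param url OCSP responder endpoint
     * @param trustedCertificateProvider source of the trust anchors for the responder certificate
     */
    public OcspClient(Provider provider, URL url, TrustedCertificateProvider trustedCertificateProvider) {
        this(provider, url, trustedCertificateProvider, null, null);
    }

    /**
     * Creates a client that signs its requests when both a signer certificate and key are given.
     *
     * @param provider JCA provider used for digests, signatures and certificate conversion
     * @param url OCSP responder endpoint
     * @param trustedCertificateProvider source of the trust anchors for the responder certificate
     * @param x509CertificateHolder requestor certificate, or {@code null} for unsigned requests
     * @param privateKey key matching the requestor certificate, or {@code null} for unsigned requests
     */
    public OcspClient(Provider provider, URL url, TrustedCertificateProvider trustedCertificateProvider, X509CertificateHolder x509CertificateHolder, PrivateKey privateKey) {
        this.provider = provider;
        this.ocspUrl = url;
        this.rootCertificateProvider = trustedCertificateProvider;
        this.signerCertificate = x509CertificateHolder;
        this.signerPrivateKey = privateKey;
    }

    /** Maps an OCSP response status code to its symbolic name; unassigned codes give "UNKNOWN". */
    private String getStatus(int i) {
        switch (i) {
            case OCSPResp.SUCCESSFUL:
                return "SUCCESSFUL";
            case OCSPResp.MALFORMED_REQUEST:
                return "MALFORMED_REQUEST";
            case OCSPResp.INTERNAL_ERROR:
                return "INTERNAL_ERROR";
            case OCSPResp.TRY_LATER:
                return "TRY_LATER";
            case OCSPResp.SIG_REQUIRED:
                return "SIG_REQUIRED";
            case OCSPResp.UNAUTHORIZED:
                return "UNAUTHORIZED";
            default:
                return "UNKNOWN";
        }
    }

    /**
     * Validates a raw responder answer and returns its basic response.
     *
     * @param request the request the answer belongs to, used for the nonce comparison
     * @param response the decoded responder answer
     * @return the signature-checked basic response
     * @throws OCSPException if the status is not "successful", the body is not a basic OCSP
     *     response, or the echoed nonce differs from the one sent
     * @throws SignatureException if the signature or the responder certificate path is invalid
     */
    private BasicOCSPResp parse(OCSPReq request, OCSPResp response) throws OCSPException, OperatorCreationException, SignatureException {
        if (response.getStatus() != OCSPResp.SUCCESSFUL) {
            throw new OCSPException(getStatus(response.getStatus()));
        }
        // The body comes from the network: do not assume it is present or of the expected type.
        Object body = response.getResponseObject();
        if (!(body instanceof BasicOCSPResp)) {
            throw new OCSPException("OCSP response does not contain a basic OCSP response");
        }
        BasicOCSPResp basicResponse = (BasicOCSPResp) body;
        if (!isSignatureValid(basicResponse)) {
            throw new SignatureException("OCSP response signature or responder certificate path is invalid");
        }
        // The nonce lives inside the signed data, so it is only meaningful after the signature check.
        verifyNonce(request, basicResponse);
        return basicResponse;
    }

    /**
     * Compares the nonce echoed by the responder with the one that was sent.
     *
     * <p>A differing nonce is rejected. A response without any nonce is only logged, because
     * responders serving pre-produced responses do not echo it; in that case nothing in this
     * class detects a replayed response, and the caller must rely on the
     * {@code thisUpdate}/{@code nextUpdate} window.
     *
     * @throws OCSPException if the response carries a nonce that differs from the request nonce
     */
    private void verifyNonce(OCSPReq request, BasicOCSPResp response) throws OCSPException {
        Extension sent = request.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        if (sent == null) {
            // A subclass may build requests without a nonce; nothing to compare then.
            return;
        }
        Extension echoed = response.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        if (echoed == null) {
            LOG.log(Level.WARNING, "OCSP response carries no nonce; replay of an older response cannot be detected");
            return;
        }
        if (!sent.getExtnValue().equals(echoed.getExtnValue())) {
            throw new OCSPException("OCSP response nonce does not match the request nonce");
        }
    }

    /**
     * Builds the OCSP certificate identifier for one serial number issued by {@code issuer}.
     * SHA-1 is used only to hash the issuer name and key inside the identifier (the conventional
     * OCSP CertID form); it is not the response signature algorithm.
     */
    private CertificateID newCertificateId(X509CertificateHolder issuer, BigInteger serialNumber) throws OperatorCreationException, OCSPException {
        return new CertificateID(new JcaDigestCalculatorProviderBuilder().setProvider(this.provider).build().get(CertificateID.HASH_SHA1), issuer, serialNumber);
    }

    /**
     * Builds one request covering several issuers.
     *
     * @param map issuer certificate mapped to the serial numbers to query for that issuer
     * @return the encoded-ready OCSP request
     */
    protected OCSPReq generateOCSPRequest(Map<X509CertificateHolder, BigInteger[]> map) throws OperatorCreationException, OCSPException {
        List<CertificateID> ids = new ArrayList<>();
        for (Map.Entry<X509CertificateHolder, BigInteger[]> entry : map.entrySet()) {
            for (BigInteger serialNumber : entry.getValue()) {
                ids.add(newCertificateId(entry.getKey(), serialNumber));
            }
        }
        return generateOCSPRequest(ids.toArray(new CertificateID[0]));
    }

    /**
     * Builds one request for several serial numbers of a single issuer.
     *
     * @param x509CertificateHolder issuer certificate
     * @param bigIntegerArr serial numbers to query
     * @return the encoded-ready OCSP request
     */
    protected OCSPReq generateOCSPRequest(X509CertificateHolder x509CertificateHolder, BigInteger[] bigIntegerArr) throws OCSPException, OperatorCreationException, IOException, CertificateEncodingException {
        List<CertificateID> ids = new ArrayList<>(bigIntegerArr.length);
        for (BigInteger serialNumber : bigIntegerArr) {
            ids.add(newCertificateId(x509CertificateHolder, serialNumber));
        }
        return generateOCSPRequest(ids.toArray(new CertificateID[0]));
    }

    /**
     * Builds the request for the given certificate identifiers, adds a nonce extension and signs
     * the request when a signer certificate and key were configured.
     *
     * @param certificateIDArr identifiers of the certificates to query
     * @return the OCSP request, signed if signer credentials are present
     */
    protected OCSPReq generateOCSPRequest(CertificateID[] certificateIDArr) throws OperatorCreationException, OCSPException {
        OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
        for (CertificateID certificateID : certificateIDArr) {
            requestBuilder.addRequest(certificateID);
        }

        // The nonce must be unpredictable: a clock-derived value can be guessed ahead of time,
        // which lets a response be prepared or replayed for a request that has not been sent yet.
        byte[] nonce = new byte[NONCE_LENGTH_BYTES];
        NONCE_SOURCE.nextBytes(nonce);
        requestBuilder.setRequestExtensions(new Extensions(new Extension[]{new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, (ASN1OctetString) new DEROctetString(nonce))}));

        if (this.signerCertificate == null || this.signerPrivateKey == null) {
            return requestBuilder.build();
        }
        ContentSigner signer = new JcaContentSignerBuilder(DefaultAlgParams.getDefaultSignatureAlg(this.signerPrivateKey.getAlgorithm())).setProvider(this.provider).build(this.signerPrivateKey);
        requestBuilder.setRequestorName(this.signerCertificate.getSubject());
        return requestBuilder.build(signer, new X509CertificateHolder[]{this.signerCertificate});
    }

    /**
     * Queries the responder for several issuers at once.
     *
     * <p>Note that any {@link OCSPException} raised while handling the answer (non-successful
     * status, unexpected body, nonce mismatch) is caught here and surfaces as a
     * {@link RequestGenerationException}, like request-building failures.
     *
     * @param map issuer certificate mapped to the serial numbers to query
     * @return the signature-checked basic response; per-certificate status and freshness are
     *     left to the caller
     * @throws RequestGenerationException if the request cannot be built or the answer is rejected
     * @throws ConnectionException if the responder cannot be reached or its answer cannot be read
     * @throws SignatureException if the response signature or responder path is invalid
     */
    public BasicOCSPResp getOCSPResp(Map<X509CertificateHolder, BigInteger[]> map) throws RequestGenerationException, ConnectionException, OCSPException, SignatureException, OperatorCreationException {
        try {
            OCSPReq request = generateOCSPRequest(map);
            return parse(request, postOcsp(request));
        } catch (OCSPException | OperatorCreationException e) {
            throw new RequestGenerationException(e);
        }
    }

    /**
     * Queries the responder for several serial numbers of one issuer.
     *
     * <p>Note that any {@link OCSPException} raised while handling the answer (non-successful
     * status, unexpected body, nonce mismatch) is caught here and surfaces as a
     * {@link RequestGenerationException}, like request-building failures.
     *
     * @param x509CertificateHolder issuer certificate
     * @param bigIntegerArr serial numbers to query
     * @return the signature-checked basic response; per-certificate status and freshness are
     *     left to the caller
     * @throws RequestGenerationException if the request cannot be built or the answer is rejected
     * @throws ConnectionException if the responder cannot be reached or its answer cannot be read
     * @throws SignatureException if the response signature or responder path is invalid
     */
    public BasicOCSPResp getOCSPResp(X509CertificateHolder x509CertificateHolder, BigInteger[] bigIntegerArr) throws RequestGenerationException, ConnectionException, OCSPException, OperatorCreationException, SignatureException {
        try {
            OCSPReq request = generateOCSPRequest(x509CertificateHolder, bigIntegerArr);
            return parse(request, postOcsp(request));
        } catch (IOException | CertificateEncodingException | OCSPException | OperatorCreationException e) {
            throw new RequestGenerationException(e);
        }
    }

    /**
     * Checks the response signature against the first embedded certificate and validates that
     * certificate's path to a trusted root. Any failure, including an unexpected error, yields
     * {@code false} (fail closed).
     *
     * <p>The signer is taken from the response itself, so the path validation is what ties it to
     * a trust anchor. This method does not check that the signer is authorised as an OCSP
     * responder for the CA in question; see the class comment.
     *
     * @param basicOCSPResp response to verify
     * @return {@code true} only if the signature verifies and the path builds and validates
     */
    protected boolean isSignatureValid(BasicOCSPResp basicOCSPResp) {
        if (basicOCSPResp == null) {
            LOG.log(Level.WARNING, "No basic OCSP response to verify");
            return false;
        }
        X509CertificateHolder[] certs = basicOCSPResp.getCerts();
        if (certs == null || certs.length == 0) {
            LOG.log(Level.WARNING, "Basic OCSP Response has no certificates attached in.");
            return false;
        }
        try {
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(this.provider);
            // Raw LinkedList kept on purpose: the parameter type declared by
            // CertificatePathBuilderValidator.buildCertPath is not visible from this file.
            LinkedList embeddedCertificates = new LinkedList();
            for (X509CertificateHolder holder : certs) {
                embeddedCertificates.add(converter.getCertificate(holder));
            }
            // By this client's convention the first embedded certificate is the response signer.
            X509Certificate responderCertificate = (X509Certificate) embeddedCertificates.getFirst();

            if (!basicOCSPResp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(this.provider).build(responderCertificate))) {
                LOG.log(Level.WARNING, "OCSP Signature invalid");
                return false;
            }
            CertificatePathBuilderValidator pathValidator = new CertificatePathBuilderValidator(this.provider, this.rootCertificateProvider);
            pathValidator.buildCertPath(responderCertificate, embeddedCertificates, new Date());
            LOG.log(Level.INFO, "Successfully bilt path with target [{0}]", responderCertificate.getSubjectDN().getName());
            pathValidator.validateCertPath();
            LOG.log(Level.INFO, "Successfully verified with target [{0}]", responderCertificate.getSubjectDN().getName());
            return true;
        } catch (Throwable th) {
            // Deliberately broad: whatever goes wrong, the response must not be treated as valid.
            LOG.log(Level.SEVERE, "OCSP Signature verification fail", th);
            return false;
        }
    }

    /**
     * POSTs the encoded request to the responder and decodes the answer.
     *
     * <p>The exchange uses connect and read timeouts and caps the response body, so an
     * unresponsive or misbehaving responder cannot block the caller indefinitely or exhaust
     * memory. Integrity of the answer does not depend on the transport; it is established by the
     * signature check done by the caller of this method.
     *
     * @param oCSPReq request to send
     * @return the decoded, not yet verified responder answer
     * @throws ConnectionException on any I/O failure, an oversized body or an undecodable answer
     */
    protected OCSPResp postOcsp(OCSPReq oCSPReq) throws ConnectionException {
        try {
            URLConnection connection = this.ocspUrl.openConnection();
            connection.setConnectTimeout(CONNECT_TIMEOUT_MILLIS);
            connection.setReadTimeout(READ_TIMEOUT_MILLIS);
            connection.setDoOutput(true);
            connection.setRequestProperty("Content-Type", "application/ocsp-request");
            try (OutputStream requestBody = connection.getOutputStream()) {
                requestBody.write(oCSPReq.getEncoded());
            }
            try (InputStream responseBody = connection.getInputStream()) {
                return new OCSPResp(readBounded(responseBody, MAX_RESPONSE_BYTES));
            }
        } catch (IOException e) {
            throw new ConnectionException(e);
        }
    }

    /** Reads the stream to its end, failing once more than {@code limit} bytes have arrived. */
    private static byte[] readBounded(InputStream in, int limit) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[1024];
        int total = 0;
        int read;
        while ((read = in.read(chunk)) != -1) {
            total += read;
            if (total > limit) {
                throw new IOException("OCSP response exceeds " + limit + " bytes");
            }
            collected.write(chunk, 0, read);
        }
        return collected.toByteArray();
    }
}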
