package org.bouncycastle.jce.provider;

import B2.o;
import B2.v;
import C2.a;
import E1.C0187a;
import J2.C;
import J2.C0303a;
import J2.C0304b;
import J2.C0310h;
import J2.C0316n;
import J2.C0322u;
import J2.C0324w;
import J2.M;
import f3.InterfaceC0624a;
import h3.InterfaceC0640a;
import j2.InterfaceC0653b;
import j2.InterfaceC0658g;
import j3.InterfaceC0666f;
import j3.g;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import n2.InterfaceC0776a;
import n3.b;
import n3.c;
import org.bouncycastle.asn1.AbstractC0837l;
import org.bouncycastle.asn1.AbstractC0841p;
import org.bouncycastle.asn1.C0834i;
import org.bouncycastle.asn1.C0836k;
import org.bouncycastle.asn1.Q;
import org.bouncycastle.asn1.T;
import s2.InterfaceC0889a;
import w2.InterfaceC1023b;
import z2.C1051a;
import z2.C1052b;
import z2.C1059i;
import z2.InterfaceC1054d;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class ProvOcspRevocationChecker implements InterfaceC0666f {
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    private static final Map oids;
    private final b helper;
    private boolean isEnabledOCSP;
    private String ocspURL;
    private g parameters;
    private final ProvRevocationChecker parent;

    static {
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new C0836k("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(o.f331o, "SHA224WITHRSA");
        hashMap.put(o.f325l, "SHA256WITHRSA");
        hashMap.put(o.f327m, "SHA384WITHRSA");
        hashMap.put(o.f329n, "SHA512WITHRSA");
        hashMap.put(InterfaceC0776a.f11695m, "GOST3411WITHGOST3410");
        hashMap.put(InterfaceC0776a.f11696n, "GOST3411WITHECGOST3410");
        hashMap.put(a.f502g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(a.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(InterfaceC0624a.f10624a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC0624a.f10625b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC0624a.f10626c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC0624a.f10627d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC0624a.f10628e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC0624a.f10629f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(InterfaceC0640a.f10688a, "SHA1WITHCVC-ECDSA");
        hashMap.put(InterfaceC0640a.f10689b, "SHA224WITHCVC-ECDSA");
        hashMap.put(InterfaceC0640a.f10690c, "SHA256WITHCVC-ECDSA");
        hashMap.put(InterfaceC0640a.f10691d, "SHA384WITHCVC-ECDSA");
        hashMap.put(InterfaceC0640a.f10692e, "SHA512WITHCVC-ECDSA");
        hashMap.put(InterfaceC0889a.f12425a, "XMSS");
        hashMap.put(InterfaceC0889a.f12426b, "XMSSMT");
        hashMap.put(new C0836k("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new C0836k("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new C0836k("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(K2.o.f1955C0, "SHA1WITHECDSA");
        hashMap.put(K2.o.f1958F0, "SHA224WITHECDSA");
        hashMap.put(K2.o.f1959G0, "SHA256WITHECDSA");
        hashMap.put(K2.o.f1960H0, "SHA384WITHECDSA");
        hashMap.put(K2.o.f1961I0, "SHA512WITHECDSA");
        hashMap.put(A2.b.h, "SHA1WITHRSA");
        hashMap.put(A2.b.f216g, "SHA1WITHDSA");
        hashMap.put(InterfaceC1023b.f13102P, "SHA224WITHDSA");
        hashMap.put(InterfaceC1023b.f13103Q, "SHA256WITHDSA");
    }

    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, b bVar) {
        this.parent = provRevocationChecker;
        this.helper = bVar;
    }

    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(M.j(publicKey.getEncoded()).k().q());
    }

    private C1052b createCertID(C0304b c0304b, C0316n c0316n, C0834i c0834i) {
        try {
            MessageDigest b4 = this.helper.b(c.a(c0304b.h()));
            return new C1052b(c0304b, new T(b4.digest(c0316n.o().g("DER"))), new T(b4.digest(c0316n.p().k().q())), c0834i);
        } catch (Exception e2) {
            throw new CertPathValidatorException("problem creating ID: " + e2, e2);
        }
    }

    private C1052b createCertID(C1052b c1052b, C0316n c0316n, C0834i c0834i) {
        return createCertID(c1052b.h(), c0316n, c0834i);
    }

    private C0316n extractCert() {
        try {
            return C0316n.i(this.parameters.d().getEncoded());
        } catch (Exception e2) {
            throw new CertPathValidatorException(H.a.c(e2, C0187a.a("cannot process signing cert: ")), e2, this.parameters.a(), this.parameters.b());
        }
    }

    private static String getDigestName(C0836k c0836k) {
        String a4 = c.a(c0836k);
        int indexOf = a4.indexOf(45);
        if (indexOf <= 0 || a4.startsWith("SHA3")) {
            return a4;
        }
        return a4.substring(0, indexOf) + a4.substring(indexOf + 1);
    }

    static URI getOcspResponderURI(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C0322u.f1847N1.u());
        if (extensionValue == null) {
            return null;
        }
        C0303a[] h = C0310h.i(AbstractC0837l.q(extensionValue).s()).h();
        for (int i = 0; i != h.length; i++) {
            C0303a c0303a = h[i];
            if (C0303a.f1779q.l(c0303a.i())) {
                C0324w h4 = c0303a.h();
                if (h4.j() == 6) {
                    try {
                        return new URI(((InterfaceC0658g) h4.i()).c());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static String getSignatureName(C0304b c0304b) {
        InterfaceC0653b j4 = c0304b.j();
        if (j4 != null && !Q.f11893c.k(j4) && c0304b.h().l(o.f323k)) {
            return H.a.e(new StringBuilder(), getDigestName(v.i(j4).h().h()), "WITHRSAANDMGF1");
        }
        Map map = oids;
        boolean containsKey = map.containsKey(c0304b.h());
        C0836k h = c0304b.h();
        return containsKey ? (String) map.get(h) : h.u();
    }

    private static X509Certificate getSignerCert(C1051a c1051a, X509Certificate x509Certificate, X509Certificate x509Certificate2, b bVar) {
        C1059i i = c1051a.l().i();
        byte[] h = i.h();
        if (h != null) {
            MessageDigest b4 = bVar.b("SHA1");
            if (x509Certificate2 != null && Arrays.equals(h, calcKeyHash(b4, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !Arrays.equals(h, calcKeyHash(b4, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        I2.b bVar2 = I2.b.f1604n;
        H2.c h4 = H2.c.h(bVar2, i.i());
        if (x509Certificate2 != null && h4.equals(H2.c.h(bVar2, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !h4.equals(H2.c.h(bVar2, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    private static boolean responderMatches(C1059i c1059i, X509Certificate x509Certificate, b bVar) {
        byte[] h = c1059i.h();
        if (h != null) {
            return Arrays.equals(h, calcKeyHash(bVar.b("SHA1"), x509Certificate.getPublicKey()));
        }
        I2.b bVar2 = I2.b.f1604n;
        return H2.c.h(bVar2, c1059i.i()).equals(H2.c.h(bVar2, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean validatedOcspResponse(C1051a c1051a, g gVar, byte[] bArr, X509Certificate x509Certificate, b bVar) {
        try {
            AbstractC0841p h = c1051a.h();
            Signature createSignature = bVar.createSignature(getSignatureName(c1051a.k()));
            X509Certificate signerCert = getSignerCert(c1051a, gVar.d(), x509Certificate, bVar);
            if (signerCert == null && h == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) bVar.d("X.509").generateCertificate(new ByteArrayInputStream(h.s(0).b().getEncoded()));
                x509Certificate2.verify(gVar.d().getPublicKey());
                x509Certificate2.checkValidity(gVar.e());
                if (!responderMatches(c1051a.l().i(), x509Certificate2, bVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, gVar.a(), gVar.b());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(C.f1698d.h())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, gVar.a(), gVar.b());
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(c1051a.l().g("DER"));
            if (!createSignature.verify(c1051a.j().q())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, c1051a.l().j().h(InterfaceC1054d.f13474b).i().s())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, gVar.a(), gVar.b());
            }
            return true;
        } catch (IOException e2) {
            throw new CertPathValidatorException(A1.b.b(e2, C0187a.a("OCSP response failure: ")), e2, gVar.a(), gVar.b());
        } catch (CertPathValidatorException e4) {
            throw e4;
        } catch (GeneralSecurityException e5) {
            StringBuilder a4 = C0187a.a("OCSP response failure: ");
            a4.append(e5.getMessage());
            throw new CertPathValidatorException(a4.toString(), e5, gVar.a(), gVar.b());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x019a, code lost:
    
        if (r0.h().equals(r1.h().h()) != false) goto L66;
     */
    @Override // j3.InterfaceC0666f
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) {
        /*
            Method dump skipped, instructions count: 649
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.ProvOcspRevocationChecker.check(java.security.cert.Certificate):void");
    }

    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    public void init(boolean z4) {
        if (z4) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = T3.g.b("ocsp.enable");
        this.ocspURL = T3.g.a("ocsp.responderURL");
    }

    @Override // j3.InterfaceC0666f
    public void initialize(g gVar) {
        this.parameters = gVar;
        this.isEnabledOCSP = T3.g.b("ocsp.enable");
        this.ocspURL = T3.g.a("ocsp.responderURL");
    }

    public boolean isForwardCheckingSupported() {
        return false;
    }

    public void setParameter(String str, Object obj) {
    }
}
