package org.bouncycastle.jce.provider;

import defpackage.aup;
import defpackage.b0;
import defpackage.b07;
import defpackage.b41;
import defpackage.cd1;
import defpackage.e0;
import defpackage.ea9;
import defpackage.er1;
import defpackage.ezm;
import defpackage.f8b;
import defpackage.fql;
import defpackage.ge1;
import defpackage.gr9;
import defpackage.i0;
import defpackage.j5v;
import defpackage.jx8;
import defpackage.l0;
import defpackage.mh3;
import defpackage.mid;
import defpackage.mml;
import defpackage.mv;
import defpackage.mvo;
import defpackage.n0;
import defpackage.nh3;
import defpackage.nml;
import defpackage.o0;
import defpackage.o0i;
import defpackage.o6v;
import defpackage.oh3;
import defpackage.oml;
import defpackage.q0i;
import defpackage.q40;
import defpackage.r0i;
import defpackage.r8h;
import defpackage.rbd;
import defpackage.rdg;
import defpackage.ruk;
import defpackage.t0i;
import defpackage.u0;
import defpackage.umi;
import defpackage.uu6;
import defpackage.vgk;
import defpackage.x0;
import defpackage.xe;
import defpackage.ymi;
import defpackage.z;
import defpackage.zmi;
import defpackage.zv9;
import defpackage.zz6;
import defpackage.zzd;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.Extension;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: Twttr */
/* loaded from: classes7.dex */
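/**
 * Checks the revocation status of a certificate using OCSP.
 *
 * <p>This is decompiler (JADX) output: helper types from {@code defpackage} carry obfuscated
 * names, so the comments below describe only what the visible statements do and mark every
 * inferred meaning as an assumption.
 *
 * <p>A normal return from {@link #check(Certificate)} is how a "good" status is reported
 * (status value 0 returns without throwing); every failure is reported by exception.
 */
public class ProvOcspRevocationChecker implements ymi {
    // Neither of these two constants is referenced anywhere in this class.
    private static final int DEFAULT_OCSP_MAX_RESPONSE_SIZE = 32768;
    private static final int DEFAULT_OCSP_TIMEOUT = 15000;
    // Signature algorithm OID -> JCA signature algorithm name, used by getSignatureName().
    private static final Map oids;
    private final mid helper;
    // Refreshed from the "ocsp.enable" property in init()/initialize().
    private boolean isEnabledOCSP;
    // Refreshed from the "ocsp.responderURL" property; overrides the URI found in the certificate.
    private String ocspURL;
    private zmi parameters;
    private final ProvRevocationChecker parent;

    static {
        // NOTE(review): this table only translates OIDs into algorithm names and applies no
        // algorithm policy. It contains MD2-, MD5- and SHA-1-based signature names, so a response
        // signed with one of them is rejected only if the provider behind `helper` or another
        // layer refuses it - confirm where weak signature algorithms are filtered.
        HashMap hashMap = new HashMap();
        oids = hashMap;
        hashMap.put(new n0("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(umi.q0, "SHA224WITHRSA");
        hashMap.put(umi.n0, "SHA256WITHRSA");
        hashMap.put(umi.o0, "SHA384WITHRSA");
        hashMap.put(umi.p0, "SHA512WITHRSA");
        hashMap.put(uu6.m, "GOST3411WITHGOST3410");
        hashMap.put(uu6.n, "GOST3411WITHECGOST3410");
        hashMap.put(ezm.g, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(ezm.h, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(ge1.a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(ge1.b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(ge1.c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(ge1.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(ge1.e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(ge1.f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(jx8.a, "SHA1WITHCVC-ECDSA");
        hashMap.put(jx8.b, "SHA224WITHCVC-ECDSA");
        hashMap.put(jx8.c, "SHA256WITHCVC-ECDSA");
        hashMap.put(jx8.d, "SHA384WITHCVC-ECDSA");
        hashMap.put(jx8.e, "SHA512WITHCVC-ECDSA");
        hashMap.put(rbd.a, "XMSS");
        hashMap.put(rbd.b, "XMSSMT");
        hashMap.put(new n0("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new n0("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new n0("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(o6v.G1, "SHA1WITHECDSA");
        hashMap.put(o6v.J1, "SHA224WITHECDSA");
        hashMap.put(o6v.K1, "SHA256WITHECDSA");
        hashMap.put(o6v.L1, "SHA384WITHECDSA");
        hashMap.put(o6v.M1, "SHA512WITHECDSA");
        hashMap.put(t0i.h, "SHA1WITHRSA");
        hashMap.put(t0i.g, "SHA1WITHDSA");
        hashMap.put(r8h.P, "SHA224WITHDSA");
        hashMap.put(r8h.Q, "SHA256WITHDSA");
    }

    /**
     * Creates a checker bound to its owning revocation checker.
     *
     * @param provRevocationChecker parent that supplies the responder URI, the responder
     *     certificate, the OCSP extensions and the response map used by {@link #check(Certificate)}
     * @param midVar helper used to obtain digests, signatures and certificate factories
     */
    public ProvOcspRevocationChecker(ProvRevocationChecker provRevocationChecker, mid midVar) {
        this.parent = provRevocationChecker;
        this.helper = midVar;
    }

    /**
     * Digests bytes taken from the parsed encoding of a public key.
     *
     * @param messageDigest digest to use; it is consumed by the call to {@code digest}
     * @param publicKey key whose encoding is parsed
     * @return the digest value
     */
    private static byte[] calcKeyHash(MessageDigest messageDigest, PublicKey publicKey) {
        // presumably the raw subjectPublicKey bits of the SubjectPublicKeyInfo - TODO confirm
        return messageDigest.digest(aup.m(publicKey.getEncoded()).d.C());
    }

    /**
     * Rebuilds a certificate ID with the algorithm identifier of an existing one.
     *
     * @param mh3Var existing ID whose {@code c} field supplies the algorithm identifier
     * @param oh3Var parsed certificate whose fields are hashed
     * @param i0Var serial number placed in the new ID
     * @return the newly built ID
     * @throws CertPathValidatorException if the ID cannot be built
     */
    private mh3 createCertID(mh3 mh3Var, oh3 oh3Var, i0 i0Var) throws CertPathValidatorException {
        return createCertID(mh3Var.c, oh3Var, i0Var);
    }

    /**
     * Builds a certificate ID from two digests over fields of {@code oh3Var} plus a serial number.
     *
     * @param mvVar algorithm identifier; its OID selects the digest obtained from the helper
     * @param oh3Var parsed certificate whose fields are hashed
     * @param i0Var serial number placed in the ID
     * @return the newly built ID
     * @throws CertPathValidatorException wrapping any exception raised while hashing
     */
    private mh3 createCertID(mv mvVar, oh3 oh3Var, i0 i0Var) throws CertPathValidatorException {
        try {
            MessageDigest b = this.helper.b(rdg.b(mvVar.c));
            // presumably the DER-encoded name and the public key bits of that certificate
            // (issuerNameHash / issuerKeyHash) - TODO confirm against the defpackage types
            return new mh3(mvVar, new b07(b.digest(oh3Var.d.Z.l("DER"))), new b07(b.digest(oh3Var.d.H2.d.C())), i0Var);
        } catch (Exception e) {
            throw new CertPathValidatorException("problem creating ID: " + e, e);
        }
    }

    /**
     * Parses the encoding of the certificate held in {@code parameters.e}.
     *
     * @return the parsed certificate structure
     * @throws CertPathValidatorException if the certificate cannot be encoded or parsed; the
     *     exception carries the cert path and index from the current parameters
     */
    private oh3 extractCert() throws CertPathValidatorException {
        try {
            return oh3.m(this.parameters.e.getEncoded());
        } catch (Exception e) {
            String h = gr9.h(e, new StringBuilder("cannot process signing cert: "));
            zmi zmiVar = this.parameters;
            throw new CertPathValidatorException(h, e, zmiVar.c, zmiVar.d);
        }
    }

    /**
     * Returns the digest name for an OID with its first hyphen removed.
     *
     * <p>The name is returned unchanged when it has no hyphen after the first character or
     * when it starts with {@code "SHA3"}.
     *
     * @param n0Var digest algorithm OID
     * @return the digest name in the form used to compose signature algorithm names
     */
    private static String getDigestName(n0 n0Var) {
        String b = rdg.b(n0Var);
        int indexOf = b.indexOf(45); // 45 == '-'
        if (indexOf <= 0 || b.startsWith("SHA3")) {
            return b;
        }
        return b.substring(0, indexOf) + b.substring(indexOf + 1);
    }

    /**
     * Extracts a responder URI from a certificate extension.
     *
     * <p>NOTE(review): the returned URI comes from certificate content and this method applies
     * no scheme or host restriction; any such policy has to be enforced by the code that
     * opens the connection.
     *
     * @param x509Certificate certificate to inspect
     * @return the first entry that parses as a URI, or {@code null} if the extension is absent
     *     or holds no usable entry
     */
    /* JADX WARN: Multi-variable type inference failed */
    public static URI getOcspResponderURI(X509Certificate x509Certificate) {
        // presumably the Authority Information Access extension OID - TODO confirm
        byte[] extensionValue = x509Certificate.getExtensionValue(zv9.U2.c);
        if (extensionValue == null) {
            return null;
        }
        byte[] bArr = o0.B(extensionValue).c;
        // Decompiler artifact: `bArr` is typed byte[] but is used as an ASN.1 object here.
        xe[] xeVarArr = (bArr instanceof b41 ? (b41) bArr : bArr != 0 ? new b41(u0.E(bArr)) : null).c;
        int length = xeVarArr.length;
        xe[] xeVarArr2 = new xe[length];
        System.arraycopy(xeVarArr, 0, xeVarArr2, 0, xeVarArr.length);
        for (int i = 0; i != length; i++) {
            xe xeVar = xeVarArr2[i];
            // presumably "access method is OCSP" - TODO confirm what xe.q denotes
            if (xe.q.v(xeVar.c)) {
                f8b f8bVar = xeVar.d;
                // presumably tag 6 is the uniformResourceIdentifier choice of GeneralName
                if (f8bVar.d == 6) {
                    try {
                        return new URI(((x0) f8bVar.c).j());
                    } catch (URISyntaxException unused) {
                        // A malformed entry is skipped so that a later entry can still be used.
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    /**
     * Maps a signature algorithm identifier to a signature algorithm name.
     *
     * @param mvVar algorithm identifier ({@code c} is the OID, {@code d} the parameters)
     * @return {@code <digest>WITHRSAANDMGF1} for the parameterised {@code umi.m0} algorithm,
     *     otherwise the name from {@link #oids}, otherwise the OID string itself
     */
    private static String getSignatureName(mv mvVar) {
        z zVar = mvVar.d;
        n0 n0Var = mvVar.c;
        // presumably: parameters present, not ASN.1 NULL, and the OID is RSASSA-PSS - TODO confirm
        if (zVar != null && !zz6.d.u(zVar) && n0Var.v(umi.m0)) {
            return ea9.E(new StringBuilder(), getDigestName(ruk.m(zVar).c.c), "WITHRSAANDMGF1");
        }
        Map map = oids;
        return map.containsKey(n0Var) ? (String) map.get(n0Var) : n0Var.c;
    }

    /**
     * Selects which of two candidate certificates matches the responder ID of a response.
     *
     * <p>{@code x509Certificate2} is tried before {@code x509Certificate}. When the responder ID
     * is an octet string it is compared with a SHA1 key hash, otherwise with the encoded
     * subject name.
     *
     * @param er1Var parsed basic OCSP response
     * @param x509Certificate second candidate, may be {@code null}
     * @param x509Certificate2 first candidate, may be {@code null}
     * @param midVar helper used to obtain the SHA1 digest
     * @return the matching candidate, or {@code null} if neither matches
     */
    private static X509Certificate getSignerCert(er1 er1Var, X509Certificate x509Certificate, X509Certificate x509Certificate2, mid midVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        l0 l0Var = er1Var.c.q.c;
        byte[] bArr = l0Var instanceof o0 ? ((o0) l0Var).c : null;
        if (bArr != null) {
            MessageDigest b = midVar.b("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, calcKeyHash(b, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, calcKeyHash(b, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            cd1 cd1Var = cd1.H2;
            j5v m = j5v.m(cd1Var, l0Var instanceof o0 ? null : j5v.o(l0Var));
            if (x509Certificate2 != null && m.equals(j5v.m(cd1Var, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && m.equals(j5v.m(cd1Var, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    /**
     * Tests whether a certificate corresponds to a responder ID.
     *
     * @param mmlVar responder ID; an octet-string value is compared with a SHA1 key hash, any
     *     other value with the encoded subject name
     * @param x509Certificate certificate to compare
     * @param midVar helper used to obtain the SHA1 digest
     * @return {@code true} if the certificate matches the responder ID
     */
    private static boolean responderMatches(mml mmlVar, X509Certificate x509Certificate, mid midVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        l0 l0Var = mmlVar.c;
        byte[] bArr = l0Var instanceof o0 ? ((o0) l0Var).c : null;
        if (bArr != null) {
            return Arrays.equals(bArr, calcKeyHash(midVar.b("SHA1"), x509Certificate.getPublicKey()));
        }
        cd1 cd1Var = cd1.H2;
        return j5v.m(cd1Var, l0Var instanceof o0 ? null : j5v.o(l0Var)).equals(j5v.m(cd1Var, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /**
     * Verifies the signature on a basic OCSP response and, when requested, its nonce.
     *
     * <p>The verification key comes from {@code zmiVar.e} or {@code x509Certificate} when one of
     * them matches the responder ID. Otherwise the first certificate embedded in the response
     * is used, after it has been verified against the public key of {@code zmiVar.e}, checked
     * for validity at the date in {@code zmiVar.b}, matched against the responder ID and
     * checked for the required extended key usage.
     *
     * <p>NOTE(review): no revocation check of an embedded responder certificate is visible
     * here, and only the first embedded certificate is considered.
     *
     * @param er1Var parsed basic OCSP response
     * @param zmiVar validation parameters (cert path, index, validation date, signing cert)
     * @param bArr nonce value to compare, or {@code null} to skip the nonce comparison
     * @param x509Certificate explicitly configured responder certificate, may be {@code null}
     * @param midVar helper used for signatures, digests and certificate parsing
     * @return {@code true} if the signature verifies; {@code false} if it does not - callers
     *     must treat {@code false} as a failed check
     * @throws CertPathValidatorException if no responder certificate can be determined, an
     *     embedded responder certificate is unsuitable, the nonce differs, or processing fails
     */
    public static boolean validatedOcspResponse(er1 er1Var, zmi zmiVar, byte[] bArr, X509Certificate x509Certificate, mid midVar) throws CertPathValidatorException {
        try {
            u0 u0Var = er1Var.x;
            Signature createSignature = midVar.createSignature(getSignatureName(er1Var.d));
            X509Certificate signerCert = getSignerCert(er1Var, zmiVar.e, x509Certificate, midVar);
            if (signerCert == null && u0Var == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            oml omlVar = er1Var.c;
            int i = zmiVar.d;
            CertPath certPath = zmiVar.c;
            if (signerCert != null) {
                createSignature.initVerify(signerCert.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) midVar.f("X.509").generateCertificate(new ByteArrayInputStream(u0Var.F(0).i().getEncoded()));
                // The embedded certificate must chain directly to the certificate in zmiVar.e.
                x509Certificate2.verify(zmiVar.e.getPublicKey());
                x509Certificate2.checkValidity(new Date(zmiVar.b.getTime()));
                if (!responderMatches(omlVar.q, x509Certificate2, midVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, certPath, i);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                // presumably the OCSP-signing key purpose OID, as the message below suggests
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(zzd.q.c.c)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, certPath, i);
                }
                createSignature.initVerify(x509Certificate2);
            }
            createSignature.update(omlVar.l("DER"));
            if (!createSignature.verify(er1Var.q.C())) {
                return false;
            }
            // The nonce is compared only when the caller supplied one.
            if (bArr != null && !Arrays.equals(bArr, omlVar.X.m(o0i.b).q.c)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, certPath, i);
            }
            return true;
        } catch (IOException e) {
            throw new CertPathValidatorException(ea9.D(e, new StringBuilder("OCSP response failure: ")), e, zmiVar.c, zmiVar.d);
        } catch (CertPathValidatorException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new CertPathValidatorException("OCSP response failure: " + e3.getMessage(), e3, zmiVar.c, zmiVar.d);
        }
    }

    /**
     * Checks the revocation status of one certificate via OCSP.
     *
     * <p>An OCSP response is taken from the parent's response map or, when none is stored and a
     * responder URI is known, fetched through {@code OcspCache}. The entry whose serial number
     * and certificate ID match the certificate decides the outcome: status 0 returns normally,
     * any other status throws.
     *
     * <p>A response whose signature does not verify is rejected with an exception. A normal
     * return is indistinguishable from a "good" status, so returning silently in that case
     * would let an unauthenticated response pass the check.
     *
     * @param certificate certificate to check; cast to {@link X509Certificate}
     * @throws CertPathValidatorException if the certificate is revoked, the response is
     *     unusable or fails verification, or no response is available (the latter as a
     *     {@code RecoverableCertPathValidatorException})
     */
    @Override // defpackage.ymi
    public void check(Certificate certificate) throws CertPathValidatorException {
        URI ocspResponder;
        List ocspExtensions;
        byte[] bArr;
        boolean z;
        byte[] value;
        String id;
        X509Certificate ocspResponderCert;
        X509Certificate ocspResponderCert2;
        List ocspExtensions2;
        URI ocspResponder2;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        // Decompiler artifact: the local `a` shadows the obfuscated class `a` it is initialised from.
        Map a = a.a(this.parent);
        // Responder URI precedence: parent setting, then "ocsp.responderURL", then the certificate.
        ocspResponder = this.parent.getOcspResponder();
        if (ocspResponder == null) {
            if (this.ocspURL != null) {
                try {
                    ocspResponder = new URI(this.ocspURL);
                } catch (URISyntaxException e) {
                    String str = "configuration error: " + e.getMessage();
                    zmi zmiVar = this.parameters;
                    throw new CertPathValidatorException(str, e, zmiVar.c, zmiVar.d);
                }
            } else {
                ocspResponder = getOcspResponderURI(x509Certificate);
            }
        }
        URI uri = ocspResponder;
        if (a.get(x509Certificate) != null || uri == null) {
            // A stored response exists (or nothing can be fetched): pick the nonce out of the
            // configured extensions so the stored response can be validated below.
            ocspExtensions = this.parent.getOcspExtensions();
            bArr = null;
            for (int i = 0; i != ocspExtensions.size(); i++) {
                Extension b = q40.b(ocspExtensions.get(i));
                value = b.getValue();
                String str2 = o0i.b.c;
                id = b.getId();
                if (str2.equals(id)) {
                    bArr = value;
                }
            }
            z = false;
        } else {
            if (this.ocspURL == null) {
                ocspResponder2 = this.parent.getOcspResponder();
                if (ocspResponder2 == null && !this.isEnabledOCSP) {
                    zmi zmiVar2 = this.parameters;
                    throw new RecoverableCertPathValidatorException("OCSP disabled by \"ocsp.enable\" setting", null, zmiVar2.c, zmiVar2.d);
                }
            }
            // presumably t0i.f is the SHA-1 digest OID used for the request's certificate ID
            mh3 createCertID = createCertID(new mv(t0i.f), extractCert(), new i0(x509Certificate.getSerialNumber()));
            zmi zmiVar3 = this.parameters;
            ocspResponderCert2 = this.parent.getOcspResponderCert();
            ocspExtensions2 = this.parent.getOcspExtensions();
            try {
                a.put(x509Certificate, OcspCache.getOcspResponse(createCertID, zmiVar3, uri, ocspResponderCert2, ocspExtensions2, this.helper).getEncoded());
                // NOTE(review): z = true skips validatedOcspResponse() below, so this path relies
                // on OcspCache.getOcspResponse having verified the response - not visible here.
                z = true;
                bArr = null;
            } catch (IOException e2) {
                zmi zmiVar4 = this.parameters;
                throw new CertPathValidatorException("unable to encode OCSP response", e2, zmiVar4.c, zmiVar4.d);
            }
        }
        if (a.isEmpty()) {
            zmi zmiVar5 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for any certificate", null, zmiVar5.c, zmiVar5.d);
        }
        Object obj = a.get(x509Certificate);
        q0i q0iVar = obj instanceof q0i ? (q0i) obj : obj != null ? new q0i(u0.E(obj)) : null;
        i0 i0Var = new i0(x509Certificate.getSerialNumber());
        if (q0iVar == null) {
            zmi zmiVar6 = this.parameters;
            throw new RecoverableCertPathValidatorException("no OCSP response found for certificate", null, zmiVar6.c, zmiVar6.d);
        }
        r0i r0iVar = q0iVar.c;
        // Any non-zero response status is reported as a failure.
        if (r0iVar.c.D() != 0) {
            StringBuilder sb = new StringBuilder("OCSP response failed: ");
            b0 b0Var = r0iVar.c;
            b0Var.getClass();
            sb.append(new BigInteger(b0Var.c));
            String sb2 = sb.toString();
            zmi zmiVar7 = this.parameters;
            throw new CertPathValidatorException(sb2, null, zmiVar7.c, zmiVar7.d);
        }
        nml m = nml.m(q0iVar.d);
        // NOTE(review): when the response type is not o0i.a the method falls through and returns
        // normally, i.e. without a status for this certificate - confirm this is intended.
        if (m.c.v(o0i.a)) {
            try {
                er1 m2 = er1.m(m.d.c);
                if (!z) {
                    zmi zmiVar8 = this.parameters;
                    ocspResponderCert = this.parent.getOcspResponderCert();
                    if (!validatedOcspResponse(m2, zmiVar8, bArr, ocspResponderCert, this.helper)) {
                        // Fail closed: a response whose signature does not verify must not be
                        // treated like a "good" status (which is what a plain return means here).
                        throw new CertPathValidatorException("OCSP response signature could not be verified", null, zmiVar8.c, zmiVar8.d);
                    }
                }
                u0 u0Var = oml.m(m2.c).y;
                mh3 mh3Var = null;
                for (int i2 = 0; i2 != u0Var.size(); i2++) {
                    z F = u0Var.F(i2);
                    mvo mvoVar = F instanceof mvo ? (mvo) F : F != null ? new mvo(u0.E(F)) : null;
                    // Only entries carrying this certificate's serial number are considered.
                    if (i0Var.v(mvoVar.c.x)) {
                        // presumably nextUpdate. NOTE(review): an entry without this field gets no
                        // freshness check, and no thisUpdate comparison is visible here.
                        e0 e0Var = mvoVar.x;
                        if (e0Var != null) {
                            zmi zmiVar9 = this.parameters;
                            zmiVar9.getClass();
                            if (new Date(zmiVar9.b.getTime()).after(e0Var.D())) {
                                // The decompiled call shows no arguments; the original message
                                // is not recoverable from this listing.
                                throw new ExtCertPathValidatorException();
                            }
                        }
                        mh3 mh3Var2 = mvoVar.c;
                        // Recompute the expected ID only when the hash algorithm changes between entries.
                        if (mh3Var == null || !mh3Var.c.equals(mh3Var2.c)) {
                            mh3Var = createCertID(mh3Var2, extractCert(), i0Var);
                        }
                        if (mh3Var.equals(mh3Var2)) {
                            nh3 nh3Var = mvoVar.d;
                            int i3 = nh3Var.c;
                            // Status 0: the certificate passes the check.
                            if (i3 == 0) {
                                return;
                            }
                            // Any status other than 0 or 1 is reported as revoked without details.
                            if (i3 != 1) {
                                zmi zmiVar10 = this.parameters;
                                throw new CertPathValidatorException("certificate revoked, details unknown", null, zmiVar10.c, zmiVar10.d);
                            }
                            l0 l0Var = nh3Var.d;
                            fql fqlVar = !(l0Var instanceof fql) ? l0Var != null ? new fql(u0.E(l0Var)) : null : (fql) l0Var;
                            String str3 = "certificate revoked, reason=(" + fqlVar.d + "), date=" + fqlVar.c.D();
                            zmi zmiVar11 = this.parameters;
                            throw new CertPathValidatorException(str3, null, zmiVar11.c, zmiVar11.d);
                        }
                    }
                }
                // NOTE(review): reaching this point means no entry matched the certificate, yet
                // the method returns normally - confirm whether this should be reported instead.
            } catch (CertPathValidatorException e3) {
                throw e3;
            } catch (Exception e4) {
                // Runtime failures while parsing the response are converted into a failed check.
                zmi zmiVar12 = this.parameters;
                throw new CertPathValidatorException("unable to process OCSP response", e4, zmiVar12.c, zmiVar12.d);
            }
        }
    }

    /**
     * @return always {@code null}; this checker does not collect soft-fail exceptions
     */
    public List<CertPathValidatorException> getSoftFailExceptions() {
        return null;
    }

    /**
     * @return always {@code null}
     */
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /**
     * Resets the checker and re-reads the OCSP properties.
     *
     * @param z {@code true} to request forward checking, which is rejected
     * @throws CertPathValidatorException if forward checking is requested
     */
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.parameters = null;
        this.isEnabledOCSP = vgk.b("ocsp.enable");
        this.ocspURL = vgk.a("ocsp.responderURL");
    }

    /**
     * Stores the validation parameters for subsequent checks and re-reads the OCSP properties.
     *
     * @param zmiVar parameters (cert path, index, validation date, signing certificate)
     */
    @Override // defpackage.ymi
    public void initialize(zmi zmiVar) {
        this.parameters = zmiVar;
        this.isEnabledOCSP = vgk.b("ocsp.enable");
        this.ocspURL = vgk.a("ocsp.responderURL");
    }

    /**
     * @return always {@code false}; see {@link #init(boolean)}
     */
    public boolean isForwardCheckingSupported() {
        return false;
    }

    /**
     * Accepts and ignores a parameter; the body is empty.
     *
     * @param str parameter name (unused)
     * @param obj parameter value (unused)
     */
    public void setParameter(String str, Object obj) {
    }
}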
