package e.a.o.o;

import e.a.b.g2;
import e.a.b.i2;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class o0 implements e.a.n.q {
    private static final int f = 15000;
    private static final int g = 32768;
    private static final Map h;

    /* renamed from: a, reason: collision with root package name */
    private final p0 f25199a;

    /* renamed from: b, reason: collision with root package name */
    private final e.a.n.b0.f f25200b;

    /* renamed from: c, reason: collision with root package name */
    private e.a.n.r f25201c;

    /* renamed from: d, reason: collision with root package name */
    private boolean f25202d;

    /* renamed from: e, reason: collision with root package name */
    private String f25203e;

    static {
        HashMap hashMap = new HashMap();
        h = hashMap;
        hashMap.put(new e.a.b.a0("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        h.put(e.a.b.w4.t.A2, "SHA224WITHRSA");
        h.put(e.a.b.w4.t.x2, "SHA256WITHRSA");
        h.put(e.a.b.w4.t.y2, "SHA384WITHRSA");
        h.put(e.a.b.w4.t.z2, "SHA512WITHRSA");
        h.put(e.a.b.z3.a.n, "GOST3411WITHGOST3410");
        h.put(e.a.b.z3.a.o, "GOST3411WITHECGOST3410");
        h.put(e.a.b.x4.a.i, "GOST3411-2012-256WITHECGOST3410-2012-256");
        h.put(e.a.b.x4.a.j, "GOST3411-2012-512WITHECGOST3410-2012-512");
        h.put(e.a.l.a.a.a.f24209d, "SHA1WITHPLAIN-ECDSA");
        h.put(e.a.l.a.a.a.f24210e, "SHA224WITHPLAIN-ECDSA");
        h.put(e.a.l.a.a.a.f, "SHA256WITHPLAIN-ECDSA");
        h.put(e.a.l.a.a.a.g, "SHA384WITHPLAIN-ECDSA");
        h.put(e.a.l.a.a.a.h, "SHA512WITHPLAIN-ECDSA");
        h.put(e.a.l.a.a.a.i, "RIPEMD160WITHPLAIN-ECDSA");
        h.put(e.a.l.a.c.a.s, "SHA1WITHCVC-ECDSA");
        h.put(e.a.l.a.c.a.t, "SHA224WITHCVC-ECDSA");
        h.put(e.a.l.a.c.a.u, "SHA256WITHCVC-ECDSA");
        h.put(e.a.l.a.c.a.v, "SHA384WITHCVC-ECDSA");
        h.put(e.a.l.a.c.a.w, "SHA512WITHCVC-ECDSA");
        h.put(e.a.b.k4.a.f21119a, "XMSS");
        h.put(e.a.b.k4.a.f21120b, "XMSSMT");
        h.put(new e.a.b.a0("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        h.put(new e.a.b.a0("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        h.put(new e.a.b.a0("1.2.840.10040.4.3"), "SHA1WITHDSA");
        h.put(e.a.b.g5.r.d6, "SHA1WITHECDSA");
        h.put(e.a.b.g5.r.h6, "SHA224WITHECDSA");
        h.put(e.a.b.g5.r.i6, "SHA256WITHECDSA");
        h.put(e.a.b.g5.r.j6, "SHA384WITHECDSA");
        h.put(e.a.b.g5.r.k6, "SHA512WITHECDSA");
        h.put(e.a.b.v4.b.k, "SHA1WITHRSA");
        h.put(e.a.b.v4.b.j, "SHA1WITHDSA");
        h.put(e.a.b.r4.d.a0, "SHA224WITHDSA");
        h.put(e.a.b.r4.d.b0, "SHA256WITHDSA");
    }

    public o0(p0 p0Var, e.a.n.b0.f fVar) {
        this.f25199a = p0Var;
        this.f25200b = fVar;
    }

    private e.a.b.u4.b a(e.a.b.f5.b bVar, e.a.b.f5.o oVar, e.a.b.v vVar) throws CertPathValidatorException {
        try {
            MessageDigest i = this.f25200b.i(e.a.n.b0.h.a(bVar.k()));
            return new e.a.b.u4.b(bVar, new i2(i.digest(oVar.q().a(e.a.b.k.f21108a))), new i2(i.digest(oVar.r().n().n())), vVar);
        } catch (Exception e2) {
            throw new CertPathValidatorException("problem creating ID: " + e2, e2);
        }
    }

    private e.a.b.u4.b a(e.a.b.u4.b bVar, e.a.b.f5.o oVar, e.a.b.v vVar) throws CertPathValidatorException {
        return a(bVar.k(), oVar, vVar);
    }

    private static String a(e.a.b.a0 a0Var) {
        String a2 = e.a.n.b0.h.a(a0Var);
        int indexOf = a2.indexOf(45);
        if (indexOf <= 0 || a2.startsWith("SHA3")) {
            return a2;
        }
        return a2.substring(0, indexOf) + a2.substring(indexOf + 1);
    }

    private static String a(e.a.b.f5.b bVar) {
        e.a.b.i l = bVar.l();
        if (l == null || g2.f20998b.a(l) || !bVar.k().b(e.a.b.w4.t.w2)) {
            return h.containsKey(bVar.k()) ? (String) h.get(bVar.k()) : bVar.k().n();
        }
        return a(e.a.b.w4.b0.a(l).k().k()) + "WITHRSAANDMGF1";
    }

    static URI a(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(e.a.b.f5.y.A.n());
        if (extensionValue == null) {
            return null;
        }
        e.a.b.f5.a[] k = e.a.b.f5.h.a(e.a.b.b0.a((Object) extensionValue).n()).k();
        for (int i = 0; i != k.length; i++) {
            e.a.b.f5.a aVar = k[i];
            if (e.a.b.f5.a.f20728d.b(aVar.l())) {
                e.a.b.f5.b0 k2 = aVar.k();
                if (k2.e() == 6) {
                    try {
                        return new URI(((e.a.b.n0) k2.getName()).getString());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    private static X509Certificate a(e.a.b.u4.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, e.a.n.b0.f fVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        e.a.b.u4.j l = aVar.n().l();
        byte[] k = l.k();
        if (k != null) {
            MessageDigest i = fVar.i("SHA1");
            if (x509Certificate2 != null && e.a.y.a.a(k, a(i, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !e.a.y.a.a(k, a(i, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        e.a.b.e5.d a2 = e.a.b.e5.d.a(e.a.b.e5.g.b.R, l.getName());
        if (x509Certificate2 != null && a2.equals(e.a.b.e5.d.a(e.a.b.e5.g.b.R, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !a2.equals(e.a.b.e5.d.a(e.a.b.e5.g.b.R, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(e.a.b.u4.a aVar, e.a.n.r rVar, byte[] bArr, X509Certificate x509Certificate, e.a.n.b0.f fVar) throws CertPathValidatorException {
        try {
            e.a.b.i0 k = aVar.k();
            Signature a2 = fVar.a(a(aVar.m()));
            X509Certificate a3 = a(aVar, rVar.d(), x509Certificate, fVar);
            if (a3 == null && k == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (a3 != null) {
                a2.initVerify(a3.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) fVar.m("X.509").generateCertificate(new ByteArrayInputStream(k.c(0).j().getEncoded()));
                x509Certificate2.verify(rVar.d().getPublicKey());
                x509Certificate2.checkValidity(rVar.e());
                if (!a(aVar.n().l(), x509Certificate2, fVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, rVar.a(), rVar.b());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(e.a.b.f5.j0.l.k())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, rVar.a(), rVar.b());
                }
                a2.initVerify(x509Certificate2);
            }
            a2.update(aVar.n().a(e.a.b.k.f21108a));
            if (!a2.verify(aVar.l().n())) {
                return false;
            }
            if (bArr != null && !e.a.y.a.a(bArr, aVar.n().m().a(e.a.b.u4.e.f21471c).l().n())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, rVar.a(), rVar.b());
            }
            return true;
        } catch (IOException e2) {
            throw new CertPathValidatorException("OCSP response failure: " + e2.getMessage(), e2, rVar.a(), rVar.b());
        } catch (CertPathValidatorException e3) {
            throw e3;
        } catch (GeneralSecurityException e4) {
            throw new CertPathValidatorException("OCSP response failure: " + e4.getMessage(), e4, rVar.a(), rVar.b());
        }
    }

    private static boolean a(e.a.b.u4.j jVar, X509Certificate x509Certificate, e.a.n.b0.f fVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] k = jVar.k();
        return k != null ? e.a.y.a.a(k, a(fVar.i("SHA1"), x509Certificate.getPublicKey())) : e.a.b.e5.d.a(e.a.b.e5.g.b.R, jVar.getName()).equals(e.a.b.e5.d.a(e.a.b.e5.g.b.R, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    private static byte[] a(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(e.a.b.f5.d1.a(publicKey.getEncoded()).n().n());
    }

    private e.a.b.f5.o d() throws CertPathValidatorException {
        try {
            return e.a.b.f5.o.a(this.f25201c.d().getEncoded());
        } catch (Exception e2) {
            throw new CertPathValidatorException("cannot process signing cert: " + e2.getMessage(), e2, this.f25201c.a(), this.f25201c.b());
        }
    }

    public List<CertPathValidatorException> a() {
        return null;
    }

    @Override // e.a.n.q
    public void a(e.a.n.r rVar) {
        this.f25201c = rVar;
        this.f25202d = e.a.y.r.d("ocsp.enable");
        this.f25203e = e.a.y.r.c("ocsp.responderURL");
    }

    public void a(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f25201c = null;
        this.f25202d = e.a.y.r.d("ocsp.enable");
        this.f25203e = e.a.y.r.c("ocsp.responderURL");
    }

    public Set<String> b() {
        return null;
    }

    public boolean c() {
        return false;
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x01a0, code lost:
    
        if (r0.k().equals(r1.k().k()) != false) goto L66;
     */
    @Override // e.a.n.q
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 661
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: e.a.o.o.o0.check(java.security.cert.Certificate):void");
    }

    @Override // e.a.n.q
    public void setParameter(String str, Object obj) {
    }
}
