package com.nttdocomo.android.ocsplib;

import android.content.Context;
import android.os.Build;
import com.amazonaws.http.HttpHeader;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1InputStream;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Primitive;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.ASN1Sequence;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DERIA5String;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.DEROctetString;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AccessDescription;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.AuthorityInformationAccess;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.Extension;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.GeneralName;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.X509CertificateHolder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.jcajce.SHA1DigestCalculator;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.BasicOCSPResp;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.CertificateID;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.CertificateStatus;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPException;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReq;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPReqBuilder;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.OCSPResp;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.RevokedStatus;
import com.nttdocomo.android.ocsplib.bouncycastle.cert.ocsp.SingleResp;
import com.nttdocomo.android.ocsplib.bouncycastle.operator.OperatorCreationException;
import com.nttdocomo.android.ocsplib.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import com.nttdocomo.android.ocsplib.exception.OcspParameterException;
import com.nttdocomo.android.ocsplib.exception.OcspRequestException;
import com.nttdocomo.android.ocsplib.exception.OcspResponseException;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;

/* loaded from: classes.dex */
public class OcspUtil {
    private static final String CA_PROVIDER_NAME_AFTER_ICS = "AndroidCAStore";
    private static final String CA_PROVIDER_NAME_BEFORE_HONEYCOMB = "BKS";
    private static final String DN_REPLACE_FROM = "[^\\\\], +";
    private static final String DN_REPLACE_TO = ",";
    private static final String KEYSTORE_PATH_DEFAULT = "/system/etc/security/cacerts.bks";
    private static final String KEYSTORE_PATH_PROPERTY_NAME = "javax.net.ssl.trustStore";
    private static final String MESSAGE_DIGEST_NAME = "SHA1";
    private static final String PROVIDER_NAME = "BC";
    private static final int RESPONSE_BUFFER_SIZE = 4096;
    public static final int STATUS_GOOD = 0;
    public static final int STATUS_PIN_VERIFICATION_FAILED = 3;
    public static final int STATUS_REVOKED = 1;
    public static final int STATUS_UNKNOWN = 2;
    private static int sConnectTimeout = 5000;
    private static int sReadTimeout = 5000;
    private static HashMap<String, String> sCertNameMap = null;
    private static KeyStore sKeyStore = null;
    private static PinningCertificates sPinningCertificates = null;
    private static final Object sLockCert = new Object();
    private static final Object sLockPinning = new Object();

    private static int analyseResponse(OCSPResp oCSPResp, PublicKey publicKey, String str, String str2) throws OcspResponseException {
        if (oCSPResp.getStatus() != 0) {
            LogUtil.d("OCSP response exception found. Status : " + oCSPResp.getStatus());
            throw new OcspResponseException("OCSP response exception found. Status : " + oCSPResp.getStatus());
        }
        try {
            BasicOCSPResp basicOCSPResp = (BasicOCSPResp) oCSPResp.getResponseObject();
            boolean z = false;
            X509CertificateHolder[] certs = basicOCSPResp.getCerts();
            if (certs.length != 0) {
                int length = certs.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (basicOCSPResp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(PROVIDER_NAME).build(certs[i]))) {
                        z = true;
                        break;
                    }
                    i++;
                }
            } else if (basicOCSPResp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(PROVIDER_NAME).build(publicKey))) {
                z = true;
            }
            if (!z) {
                LogUtil.d("OCSP response signature is incorrect.");
                throw new OcspResponseException("OCSP response signature is incorrect.");
            }
            SingleResp[] responses = basicOCSPResp.getResponses();
            SingleResp singleResp = null;
            if (responses == null || responses.length == 0) {
                LogUtil.d("No OCSP response found.");
                throw new OcspResponseException("No OCSP response found.");
            }
            if (responses.length == 1) {
                singleResp = responses[0];
                if (!str.equals(singleResp.getCertID().getSerialNumber().toString(16))) {
                    LogUtil.d("No valid OCSP response found.");
                    throw new OcspResponseException("No valid OCSP response found.");
                }
            } else {
                LogUtil.d("Number of OCSP responses : " + responses.length);
                int length2 = responses.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length2) {
                        break;
                    }
                    SingleResp singleResp2 = responses[i2];
                    if (str.equals(singleResp2.getCertID().getSerialNumber().toString(16))) {
                        singleResp = singleResp2;
                        break;
                    }
                    i2++;
                }
                if (singleResp == null) {
                    LogUtil.d("No valid OCSP response found.");
                    throw new OcspResponseException("No valid OCSP response found.");
                }
            }
            LogUtil.d("OCSP response target certificate serial number : " + singleResp.getCertID().getSerialNumber().toString(16));
            Date thisUpdate = singleResp.getThisUpdate();
            LogUtil.d("thisUpdate : " + thisUpdate.toString());
            Date nextUpdate = singleResp.getNextUpdate();
            if (nextUpdate != null) {
                LogUtil.d("nextUpdate : " + nextUpdate.toString());
            } else {
                LogUtil.d("nextUpdate : not set");
            }
            if (singleResp.getCertStatus() == CertificateStatus.GOOD) {
                LogUtil.d("OCSP status : GOOD");
                CacheUtil.createCache(str2, 0, thisUpdate, nextUpdate);
                return 0;
            }
            if (!(singleResp.getCertStatus() instanceof RevokedStatus)) {
                LogUtil.d("OCSP status : " + singleResp.getCertStatus());
                return 2;
            }
            LogUtil.d("OCSP status : Revoked");
            CacheUtil.createCache(str2, 1, thisUpdate, nextUpdate);
            return 1;
        } catch (OCSPException e) {
            LogUtil.d("OCSP response is not valid or signature validation failed. " + e.getMessage());
            throw new OcspResponseException("OCSP response is not valid or signature validation failed.", e);
        } catch (OperatorCreationException e2) {
            e = e2;
            LogUtil.d("Failed to validate OCSP response signature. " + e.getMessage());
            throw new OcspResponseException("Failed to validate OCSP response signature.", e);
        } catch (CertificateException e3) {
            e = e3;
            LogUtil.d("Failed to validate OCSP response signature. " + e.getMessage());
            throw new OcspResponseException("Failed to validate OCSP response signature.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean checkPins(List<X509Certificate> list, String str) throws OcspParameterException {
        LogUtil.d("checkPins start.");
        if (str == null || sPinningCertificates == null) {
            LogUtil.d("Pinning certificates is disabled or no hostname found. Skip checkPins.");
            return true;
        }
        try {
            boolean checkPins = sPinningCertificates.checkPins(list, str);
            LogUtil.d("checkPins end. ret : " + checkPins);
            return checkPins;
        } catch (RuntimeException e) {
            throw new OcspParameterException(e.getMessage());
        }
    }

    public static void deleteCache() {
        LogUtil.d("deleteCache() start");
        if (!isInitialized()) {
            LogUtil.d("OcspUtil has not been initialized. No cache file deleted.");
        } else {
            CacheUtil.deleteCache();
            LogUtil.d("deleteCache() end");
        }
    }

    private static void ensureCertNameMapGenerated() {
        synchronized (sLockCert) {
            if (sCertNameMap == null) {
                sCertNameMap = new HashMap<>();
                try {
                    try {
                        try {
                            if (Build.VERSION.SDK_INT >= 14) {
                                sKeyStore = KeyStore.getInstance(CA_PROVIDER_NAME_AFTER_ICS);
                                sKeyStore.load(null, null);
                            } else {
                                sKeyStore = KeyStore.getInstance(CA_PROVIDER_NAME_BEFORE_HONEYCOMB);
                                String property = System.getProperty(KEYSTORE_PATH_PROPERTY_NAME);
                                if (property == null) {
                                    LogUtil.d("TrustStore path not found. set default.");
                                    property = KEYSTORE_PATH_DEFAULT;
                                }
                                LogUtil.d("TrustStore path : " + property);
                                sKeyStore.load(new FileInputStream(property), null);
                            }
                            Enumeration<String> aliases = sKeyStore.aliases();
                            LogUtil.d("Load root certificate list ...");
                            while (aliases.hasMoreElements()) {
                                String nextElement = aliases.nextElement();
                                String replaceAll = ((X509Certificate) sKeyStore.getCertificate(nextElement)).getSubjectX500Principal().getName().replaceAll(DN_REPLACE_FROM, ",");
                                sCertNameMap.put(replaceAll, nextElement);
                                LogUtil.d("  " + replaceAll);
                            }
                        } catch (NoSuchAlgorithmException e) {
                            LogUtil.d("Failed to get root certificate. NoSuchAlgorithmException : " + e.getMessage());
                            sCertNameMap = null;
                        }
                    } catch (CertificateException e2) {
                        LogUtil.d("Failed to get root certificate. CertificateException : " + e2.getMessage());
                        sCertNameMap = null;
                    }
                } catch (IOException e3) {
                    LogUtil.d("Failed to get root certificate. IOException : " + e3.getMessage());
                    sCertNameMap = null;
                } catch (KeyStoreException e4) {
                    LogUtil.d("Failed to get root certificate. KeyStoreException : " + e4.getMessage());
                    sCertNameMap = null;
                }
            }
        }
    }

    private static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OcspRequestException {
        try {
            OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
            oCSPReqBuilder.addRequest(new CertificateID(new SHA1DigestCalculator(MessageDigest.getInstance(MESSAGE_DIGEST_NAME)), new X509CertificateHolder(x509Certificate2.getEncoded()), x509Certificate.getSerialNumber()));
            return oCSPReqBuilder.build();
        } catch (Exception e) {
            LogUtil.d("Failed to generate OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to generate OCSP request. ", e);
        }
    }

    private static String getOcspServerUrl(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            LogUtil.d("Certificate doesn't have authority information access points.");
            return null;
        }
        try {
            for (AccessDescription accessDescription : AuthorityInformationAccess.getInstance(ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(((DEROctetString) new ASN1InputStream(extensionValue).readObject()).getOctets()))).getAccessDescriptions()) {
                GeneralName accessLocation = accessDescription.getAccessLocation();
                if (accessLocation.getTagNo() == 6 && X509ObjectIdentifiers.ocspAccessMethod.getId().equals(accessDescription.getAccessMethod().getId())) {
                    return DERIA5String.getInstance(accessLocation.getName()).getString();
                }
            }
            LogUtil.d("Cannot find OCSP responder URL from certificate.");
            return null;
        } catch (IOException e) {
            LogUtil.d("Cannot read authority information access points.");
            return null;
        }
    }

    private static X509Certificate getRootCertificate(X509Certificate x509Certificate) {
        String replaceAll = x509Certificate.getIssuerX500Principal().getName().replaceAll(DN_REPLACE_FROM, ",");
        ensureCertNameMapGenerated();
        if (sCertNameMap == null || sKeyStore == null) {
            return null;
        }
        try {
            String str = sCertNameMap.get(replaceAll);
            if (str != null) {
                return (X509Certificate) sKeyStore.getCertificate(str);
            }
        } catch (KeyStoreException e) {
            LogUtil.d("Failed to get root certificate. KeyStoreException : " + e.getMessage());
        }
        return null;
    }

    private static Certificate[] getServerCertificates(URL url) throws OcspRequestException {
        HttpsURLConnection httpsURLConnection = null;
        try {
            try {
                httpsURLConnection = (HttpsURLConnection) url.openConnection();
                httpsURLConnection.setInstanceFollowRedirects(false);
                httpsURLConnection.setConnectTimeout(sConnectTimeout);
                LogUtil.d("Get server certificates connect timeout : " + httpsURLConnection.getConnectTimeout());
                httpsURLConnection.setReadTimeout(sReadTimeout);
                LogUtil.d("Get server certificates read timeout : " + httpsURLConnection.getReadTimeout());
                LogUtil.d("Connect to server to get certificates. (HttpsURLConnection)");
                httpsURLConnection.connect();
                if (Build.VERSION.SDK_INT == 14 || Build.VERSION.SDK_INT == 15) {
                    httpsURLConnection.getResponseCode();
                }
                return httpsURLConnection.getServerCertificates();
            } catch (IOException e) {
                LogUtil.d("Failed to get server certificates. " + e.getMessage());
                throw new OcspRequestException("Failed to get server certificates.", e);
            }
        } finally {
            if (httpsURLConnection != null) {
                httpsURLConnection.disconnect();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> getTrustedChain(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            arrayList.add((X509Certificate) certificate);
            X509Certificate rootCertificate = getRootCertificate((X509Certificate) certificate);
            if (rootCertificate != null) {
                LogUtil.d("Root certificate found. DN : " + rootCertificate.getSubjectX500Principal().getName());
                arrayList.add(rootCertificate);
                return arrayList;
            }
        }
        return null;
    }

    public static void init(Context context) throws OcspParameterException {
        LogUtil.d("init() start");
        if (isInitialized()) {
            LogUtil.d("Already initialized.");
            LogUtil.d("init() end");
        } else {
            if (context == null) {
                LogUtil.d("Failed to initialize library.");
                throw new OcspParameterException("Failed to initialize library.");
            }
            CacheUtil.init(context.getCacheDir());
            LogUtil.d("init() end");
        }
    }

    public static void init(Context context, int i) throws OcspParameterException {
        LogUtil.d("init() with PinningCertificates start");
        init(context);
        synchronized (sLockPinning) {
            if (sPinningCertificates == null) {
                sPinningCertificates = new PinningCertificates();
                try {
                    sPinningCertificates.init(context, i);
                } catch (RuntimeException e) {
                    LogUtil.d("PinningCertificates initialization failed. " + e.getMessage());
                    throw new OcspParameterException("PinningCertificates initialization failed. " + e.getMessage());
                }
            } else {
                LogUtil.d("PinningCertificates instance already initialized.");
            }
        }
        LogUtil.d("init() with PinningCertificates end");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isInitialized() {
        return CacheUtil.isInitialized();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isPinningCertificatesEnabled() {
        return sPinningCertificates != null;
    }

    private static OCSPResp sendOCSPRequest(OCSPReq oCSPReq, String str) throws OcspRequestException {
        HttpURLConnection httpURLConnection = null;
        try {
            try {
                HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(str).openConnection();
                httpURLConnection2.setRequestProperty("Content-Type", "application/ocsp-request");
                httpURLConnection2.setRequestProperty(HttpHeader.ACCEPT, "application/ocsp-response");
                httpURLConnection2.setDoOutput(true);
                httpURLConnection2.setConnectTimeout(sConnectTimeout);
                LogUtil.d("OCSP request connect timeout : " + httpURLConnection2.getConnectTimeout());
                httpURLConnection2.setReadTimeout(sReadTimeout);
                LogUtil.d("OCSP request read timeout : " + httpURLConnection2.getReadTimeout());
                LogUtil.d("Send OCSP request.");
                DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection2.getOutputStream()));
                dataOutputStream.write(oCSPReq.getEncoded());
                dataOutputStream.flush();
                dataOutputStream.close();
                LogUtil.d("OCSP response responseCode : " + httpURLConnection2.getResponseCode());
                LogUtil.d("OCSP response Content-Length : " + httpURLConnection2.getContentLength());
                LogUtil.d("OCSP response Content-Type : " + httpURLConnection2.getContentType());
                if (httpURLConnection2.getResponseCode() != 200) {
                    LogUtil.d("Failed to send OCSP request. response code : " + httpURLConnection2.getResponseCode());
                    throw new OcspRequestException("Failed to send OCSP request. response code : " + httpURLConnection2.getResponseCode());
                }
                InputStream inputStream = httpURLConnection2.getInputStream();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                while (true) {
                    byte[] bArr = new byte[4096];
                    int read = inputStream.read(bArr);
                    if (read < 0) {
                        break;
                    }
                    byteArrayOutputStream.write(bArr, 0, read);
                }
                inputStream.close();
                OCSPResp oCSPResp = new OCSPResp(byteArrayOutputStream.toByteArray());
                LogUtil.d("OCSP response status : " + oCSPResp.getStatus());
                if (httpURLConnection2 != null) {
                    httpURLConnection2.disconnect();
                }
                return oCSPResp;
            } catch (IOException e) {
                LogUtil.d("Failed to send OCSP request. " + e.getMessage());
                throw new OcspRequestException("Failed to send OCSP request.", e);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    public static void setConnectTimeout(int i) throws OcspParameterException {
        LogUtil.d("setConnectTimeout() start");
        LogUtil.d("Timeout : " + i);
        if (i < 0) {
            LogUtil.d("Connect timeout must be zero or higher.");
            throw new OcspParameterException("Connect timeout must be zero or higher.");
        }
        sConnectTimeout = i;
        LogUtil.d("setConnectTimeout() end");
    }

    public static void setReadTimeout(int i) throws OcspParameterException {
        LogUtil.d("setReadTimeout() start");
        LogUtil.d("Timeout : " + i);
        if (i < 0) {
            LogUtil.d("Read timeout must be zero or higher.");
            throw new OcspParameterException("Read timeout must be zero or higher.");
        }
        sReadTimeout = i;
        LogUtil.d("setReadTimeout() end");
    }

    @Deprecated
    public static int verifyCert(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z) throws OcspParameterException, OcspRequestException, OcspResponseException {
        LogUtil.d("verifyCert() start");
        LogUtil.d("Issuer : " + x509Certificate2.getSubjectX500Principal().getName());
        LogUtil.d("Target : " + x509Certificate.getSubjectX500Principal().getName());
        LogUtil.d("Target serial : " + x509Certificate.getSerialNumber().toString(16));
        LogUtil.d("useCache : " + z);
        if (!isInitialized()) {
            LogUtil.d("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        String generateCacheKey = CacheUtil.generateCacheKey(x509Certificate);
        if (z && generateCacheKey != null) {
            switch (CacheUtil.verifyCertFromCache(generateCacheKey)) {
                case 0:
                    LogUtil.d("verifyCert() end");
                    return 0;
                case 1:
                    LogUtil.d("verifyCert() end");
                    return 1;
                default:
                    LogUtil.d("No valid cache found.");
                    break;
            }
        }
        String ocspServerUrl = getOcspServerUrl(x509Certificate);
        if (ocspServerUrl == null) {
            LogUtil.d("No OCSP responder URL. Skip verify.");
            LogUtil.d("verifyCert() end");
            return 0;
        }
        LogUtil.d("OCSP responder URL : " + ocspServerUrl);
        int analyseResponse = analyseResponse(sendOCSPRequest(generateOCSPRequest(x509Certificate, x509Certificate2), ocspServerUrl), x509Certificate2.getPublicKey(), x509Certificate.getSerialNumber().toString(16), generateCacheKey);
        LogUtil.d("verifyCert() end");
        return analyseResponse;
    }

    public static int verifyCert(Certificate[] certificateArr, String str, boolean z) throws OcspParameterException, OcspRequestException, OcspResponseException {
        LogUtil.d("verifyCert(chain) start");
        LogUtil.d("useCache : " + z);
        if (!isInitialized()) {
            LogUtil.d("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        if (certificateArr == null || certificateArr.length == 0) {
            LogUtil.d("Certificate chain is null or length 0.");
            throw new OcspParameterException("Certificate chain is null or length 0.");
        }
        List<X509Certificate> trustedChain = getTrustedChain(certificateArr);
        if (trustedChain == null) {
            LogUtil.d("Failed to generate certificate chain.");
            return 2;
        }
        int i = 0;
        for (int i2 = 0; i2 < trustedChain.size() - 1 && i == 0; i2++) {
            i = verifyCert(trustedChain.get(i2), trustedChain.get(i2 + 1), z);
        }
        if (Build.VERSION.SDK_INT < 24 && str != null && sPinningCertificates != null && i == 0 && !checkPins(trustedChain, str)) {
            LogUtil.d("Pin verification failed");
            i = 3;
        }
        LogUtil.d("verifyCert(chain) end");
        return i;
    }

    public static int verifyUrl(String str, boolean z) throws OcspParameterException, OcspRequestException, OcspResponseException {
        LogUtil.d("verifyUrl() start");
        LogUtil.d("Target URL : " + str);
        LogUtil.d("useCache : " + z);
        if (!isInitialized()) {
            LogUtil.d("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals("https")) {
                LogUtil.d("Target protocol is " + url.getProtocol() + ". Skip verify.");
                return 0;
            }
            Certificate[] serverCertificates = getServerCertificates(url);
            if (serverCertificates == null || serverCertificates.length == 0) {
                LogUtil.d("Failed to get server certificates. (chain is null or length 0)");
                throw new OcspRequestException("Failed to get server certificates. (chain is null or length 0)");
            }
            int verifyCert = verifyCert(serverCertificates, url.getHost(), z);
            LogUtil.d("verifyUrl() end");
            return verifyCert;
        } catch (MalformedURLException e) {
            LogUtil.d("URL is malformed. " + e.getMessage());
            throw new OcspParameterException("URL is malformed.", e);
        }
    }
}
