package com.rsa.cryptoj.o;

import com.rsa.cryptoj.o.dn;
import com.rsa.cryptoj.o.px;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jsafe.provider.CacheInterface;
import com.rsa.jsafe.provider.JsafeJCE;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
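/**
 * Revocation checker that queries OCSP responders for the status of a certificate.
 *
 * <p>Responder URLs are taken from an extension of the certificate under test and/or from the
 * caller-supplied {@link OCSPResponderConfig} list, depending on the override/supplement flags.
 * Each candidate URL is tried in order; the first response that passes validation and carries a
 * status decides the result.
 *
 * <p>This is decompiled, name-obfuscated code. Single-letter identifiers are kept so the listing
 * can still be matched against the original bytecode; the comments describe only what the visible
 * code does, and guesses about opaque helpers ({@code pw}, {@code px}, {@code pl}, {@code ov},
 * {@code pj}) are marked as such.
 *
 * <p>NOTE(review): unless the override flag is set, the host this class connects to is named by
 * the certificate being checked. Deployments that restrict outbound traffic should run in override
 * mode with explicitly configured responders.
 *
 * <p>NOTE(review): the last-failure message {@link #a()} is a plain mutable field, written without
 * synchronization and never cleared between calls, so an instance shared across threads or reused
 * for several certificates can report a message left over from an earlier check.
 */
public class pz implements qq {
    // Not referenced by name in the decompiled code; the literal 1000 appears below as the
    // seconds-to-milliseconds factor and as the read-buffer size (presumably inlined).
    private static final int a = 1000;
    private static final String b = "Content-length";
    private static final String c = "application/ocsp-request";
    private static final String d = "Content-type";

    // Reviewer-chosen ceiling on the size of an accepted HTTP response body. The body length is
    // controlled by the remote side, so it must not drive an unbounded allocation. Tune as needed.
    private static final int MAX_RESPONSE_BYTES = 1 << 20;

    // PKIX parameters supplying the cert stores / trust anchors used to locate a responder
    // certificate; null when the two-argument constructor is used.
    private final PKIXParameters e;
    // Caller-configured responders; may be null.
    private final List<OCSPResponderConfig> f;
    // True when configured responders replace the URLs found in the certificate.
    private final boolean t;
    // True when configured responders are tried in addition to the URLs found in the certificate.
    private final boolean u;
    // Human-readable reason for the most recent failure.
    private String v;
    // Opaque provider context objects, only passed through to helper constructors.
    private final cf w;
    private final List<ca> x;
    // Debug logger; messages are emitted only when de.a() reports logging is on.
    private final de y;
    // Optional cache of raw OCSP responses; null disables caching.
    private final CacheInterface z;

    /**
     * Creates a checker with no PKIX parameters, no configured responders and no cache, so only
     * URLs found in the certificate itself are used.
     */
    public pz(cf cfVar, List<ca> list) {
        this(cfVar, list, null, null, false, false);
    }

    /**
     * Creates a checker driven by the given OCSP parameters.
     *
     * @throws NullPointerException if {@code oCSPWithRespondersParameters} is null (it is
     *     dereferenced to read the override/supplement flags)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public pz(cf cfVar, List<ca> list, PKIXParameters pKIXParameters, OCSPWithRespondersParameters oCSPWithRespondersParameters) {
        this(cfVar, list, pKIXParameters, oCSPWithRespondersParameters, oCSPWithRespondersParameters.isOverrideAIAEnabled(), oCSPWithRespondersParameters.isSupplementAIAEnabled());
    }

    private pz(cf cfVar, List<ca> list, PKIXParameters pKIXParameters, OCSPWithRespondersParameters oCSPWithRespondersParameters, boolean overrideUrls, boolean supplementUrls) {
        this.y = new de();
        this.w = cfVar;
        this.x = list;
        this.e = pKIXParameters;
        this.t = overrideUrls;
        this.u = supplementUrls;
        this.f = oCSPWithRespondersParameters != null ? oCSPWithRespondersParameters.getResponderConfigurations() : null;
        this.z = oCSPWithRespondersParameters != null ? oCSPWithRespondersParameters.getCache() : null;
    }

    /**
     * Looks up a cached response for the request and re-validates it against the current request
     * and date before trusting it.
     *
     * @return the cached single-response entry when it validates and its status is 0 or 1;
     *     otherwise null (no cache, cache miss, failed validation, or any other status)
     */
    private px.a a(pw request, OCSPResponderConfig config, pl issuerInfo, Date date) {
        if (this.z == null) {
            return null;
        }
        byte[] cached = this.z.getItem(request.b());
        if (cached == null) {
            return null;
        }
        px response = new px(this.w, this.x, cached);
        // A cached blob gets the same checks as a fresh one, including the time window.
        if (!a(request, response, config, issuerInfo, date)) {
            return null;
        }
        px.a hit = response.b(request.b());
        int status = hit.f();
        if (status != 0 && status != 1) {
            return null;
        }
        if (de.a()) {
            this.y.a("OCSP response found in OCSP cache.");
        }
        return hit;
    }

    /**
     * Picks the responder configuration to use for {@code url}.
     *
     * <p>A configuration whose own URL equals {@code url} wins outright and is removed from
     * {@code candidates}. Otherwise the best URL-less configuration is cloned and given
     * {@code url}, ranked as: (0) its trusted responder cert satisfies {@code issuerInfo.a(cert)},
     * (1) its trusted responder cert was issued by {@code issuerInfo.c()}, (2) it has any trusted
     * responder cert, (3) it has none. If nothing matches, a bare configuration for {@code url}
     * is created.
     *
     * @param candidates working copy of the configured responders; mutated on an exact URL match
     */
    private OCSPResponderConfig a(String url, pl issuerInfo, List<OCSPResponderConfig> candidates) {
        OCSPResponderConfig[] ranked = new OCSPResponderConfig[4];
        for (OCSPResponderConfig config : candidates) {
            String configuredUrl = config.getOCSPResponderURL();
            if (configuredUrl != null) {
                if (configuredUrl.equals(url)) {
                    // Returning immediately keeps the removal safe while iterating.
                    candidates.remove(config);
                    return config;
                }
                continue;
            }
            X509Certificate trusted = config.getTrustedResponderCert();
            int rank;
            if (trusted == null) {
                rank = 3;
            } else if (issuerInfo.a(trusted)) {
                rank = 0;
            } else if (trusted.getIssuerX500Principal().equals(issuerInfo.c())) {
                rank = 1;
            } else {
                rank = 2;
            }
            // Only the first configuration seen for a rank is kept; the best-ranked slot is
            // what gets returned, so this matches the original if/else-if chain.
            if (ranked[rank] == null) {
                OCSPResponderConfig copy = (OCSPResponderConfig) config.clone();
                copy.setResponderURL(url);
                ranked[rank] = copy;
            }
        }
        for (OCSPResponderConfig best : ranked) {
            if (best != null) {
                return best;
            }
        }
        return new OCSPResponderConfig(url);
    }

    /**
     * Finds the certificate that should have signed the response: first among the certificates
     * carried in the response (the first one for which {@code response.a(cert)} is true -
     * presumably a responder-ID match, confirm against {@code px}), then via {@link #b(px)}.
     *
     * @return the responder certificate, or null when none is found
     */
    private X509Certificate a(px response) {
        for (X509Certificate embedded : response.b()) {
            if (response.a(embedded)) {
                return embedded;
            }
        }
        return b(response);
    }

    /**
     * Stores a freshly validated response in the cache when its status is 0 or 1.
     *
     * <p>The cache lifetime is {@code entry.b()} minus the current time. {@code entry.b()} is
     * allowed to be null by the validator (presumably the optional nextUpdate field - confirm),
     * and the original code dereferenced it unconditionally; such responses are now simply not
     * cached.
     *
     * <p>NOTE(review): because of the configured time tolerance, a response can be accepted
     * slightly after {@code entry.b()}, which makes the lifetime passed to the cache negative.
     * Confirm how {@link CacheInterface#updateItem} treats a non-positive lifetime.
     */
    private void a(px.a entry, pw request, byte[] rawResponse) {
        if (this.z == null) {
            return;
        }
        int status = entry.f();
        if (status != 0 && status != 1) {
            return;
        }
        Date expiry = entry.b();
        if (expiry == null) {
            // No expiry to bound the cache entry with; re-query next time instead.
            return;
        }
        if (de.a()) {
            this.y.a("Adding OCSP response to OCSP Cache.");
        }
        this.z.updateItem(request.b(), rawResponse, expiry.getTime() - System.currentTimeMillis());
    }

    /**
     * Validates a parsed OCSP response against the request that produced it.
     *
     * <p>Checks, in order: the response is usable ({@code response.c()}); the signer is
     * authorised - either the configured trusted responder cert, or the issuer itself, or a
     * delegated responder cert that was issued by {@code issuerInfo.c()}, lists the key purpose
     * {@code ov.dt} (presumably OCSP signing - confirm) and chains to the issuer; the signature
     * verifies under the signer's key; {@code response.a(request.c())} holds (presumably a nonce
     * match - confirm); an entry for the requested certificate exists; and {@code date} lies
     * within the entry's validity window widened by the configured tolerance.
     *
     * <p>On failure the reason is stored in {@link #v}.
     *
     * @return true when every check passes
     */
    private boolean a(pw request, px response, OCSPResponderConfig config, pl issuerInfo, Date date) {
        if (!response.c()) {
            this.v = response.d();
            return false;
        }

        PublicKey signerKey;
        X509Certificate pinned = config.getTrustedResponderCert();
        if (pinned != null) {
            // An explicitly trusted responder cert is the only acceptable signer.
            if (!response.a(pinned)) {
                this.v = qq.n;
                return false;
            }
            signerKey = pinned.getPublicKey();
        } else if (response.a(issuerInfo)) {
            signerKey = issuerInfo.b();
        } else {
            X509Certificate delegate = a(response);
            if (delegate == null) {
                this.v = qq.q;
                return false;
            }
            if (!delegate.getIssuerX500Principal().equals(issuerInfo.c())) {
                this.v = qq.r;
                return false;
            }
            List<String> keyPurposes;
            try {
                keyPurposes = delegate.getExtendedKeyUsage();
            } catch (CertificateParsingException ex) {
                // Fail here so the specific parse error is what callers see; the original fell
                // through and overwrote it with the generic "not authorised" message.
                this.v = "Certificate contained invalid extension: " + ex.getMessage();
                return false;
            }
            if (keyPurposes == null || !keyPurposes.contains(ov.dt.toString())) {
                this.v = qq.r;
                return false;
            }
            // Revocation of the delegate is checked only when the cert does not carry extension
            // ov.cW (presumably id-pkix-ocsp-nocheck - confirm) and the configuration asks for it.
            boolean checkDelegateRevocation = pj.a(delegate, ov.cW) == null && config.isResponderRevocationCheckingEnabled();
            if (!a(delegate, issuerInfo, checkDelegateRevocation)) {
                return false;
            }
            signerKey = delegate.getPublicKey();
        }

        if (!response.a(signerKey)) {
            this.v = qq.p;
            return false;
        }
        if (!response.a(request.c())) {
            this.v = qq.o;
            return false;
        }
        px.a entry = response.b(request.b());
        if (entry == null) {
            this.v = qq.f93m;
            return false;
        }
        // Start of validity minus tolerance must not lie after the validation date.
        if (new Date(entry.a().getTime() - (config.getTimeTolerance() * 1000)).after(date)) {
            this.v = qq.j;
            return false;
        }
        // End of validity is optional; when present, end plus tolerance must not lie before it.
        if (entry.b() != null && new Date(entry.b().getTime() + (config.getTimeTolerance() * 1000)).before(date)) {
            this.v = qq.l;
            return false;
        }
        return true;
    }

    /**
     * Checks that a delegated responder certificate chains to the issuer of the certificate under
     * test, by building a path with the issuer as the only trust anchor.
     *
     * <p>NOTE(review): no validation date is set on the builder parameters, so the delegate's
     * validity appears to be judged at the current time rather than at the date passed to the
     * revocation check - confirm that this is intended.
     *
     * @param checkRevocation whether revocation checking is enabled for the path build
     * @return true when a path is built; false otherwise, with the reason stored in {@link #v}
     */
    private boolean a(X509Certificate delegate, pl issuerInfo, boolean checkRevocation) {
        try {
            X509CertSelector target = new X509CertSelector();
            target.setSubject(delegate.getSubjectX500Principal().getEncoded());

            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            // The static return type of pl.a() is not visible in this file, hence Object + cast.
            Object knownAnchor = issuerInfo.a();
            if (knownAnchor != null) {
                anchors.add((TrustAnchor) knownAnchor);
            } else {
                anchors.add(new TrustAnchor(issuerInfo.d(), null));
            }

            PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, target);
            CertStore delegateStore = CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(Arrays.asList(delegate)), com.rsa.jsafe.provider.b.a(this.w, ka.a));
            if (this.e != null) {
                // this.e is null for instances made with the two-argument constructor.
                buildParams.setCertStores(this.e.getCertStores());
            }
            // The original added this store twice; once is enough.
            buildParams.addCertStore(delegateStore);
            buildParams.setRevocationEnabled(checkRevocation);
            new qb(this.w, this.x).engineBuild(buildParams);
            return true;
        } catch (IOException ex) {
            this.v = "Could not validate delegated responder certificate: " + ex.getMessage();
            return false;
        } catch (GeneralSecurityException ex) {
            this.v = "Could not validate delegated responder certificate: " + ex.getMessage();
            return false;
        }
    }

    /**
     * Searches the configured trust anchors and cert stores for the responder certificate.
     *
     * <p>When the response names its responder ({@code response.a()} is non-null), trust anchors
     * are tried first using {@code response.a(cert)}, then each cert store is queried by subject
     * and the first hit is returned on the name match alone. When it does not, every certificate
     * in every store is tested with {@code response.a(cert)}. Stores that fail with
     * {@link CertStoreException} are skipped.
     *
     * @return the responder certificate, or null when none is found or no PKIX parameters exist
     */
    private X509Certificate b(px response) {
        X500Principal responderName = response.a();
        if (this.e == null) {
            // Nothing to search; the caller reports "responder certificate not found".
            return null;
        }
        List<CertStore> stores = this.e.getCertStores();

        if (responderName == null) {
            for (CertStore store : stores) {
                try {
                    for (Certificate candidate : store.getCertificates(new X509CertSelector())) {
                        X509Certificate x509 = (X509Certificate) candidate;
                        if (response.a(x509)) {
                            return x509;
                        }
                    }
                } catch (CertStoreException ignored) {
                    // Best effort: an unreadable store must not stop the search in the others.
                }
            }
            return null;
        }

        for (TrustAnchor anchor : this.e.getTrustAnchors()) {
            X509Certificate anchorCert = anchor.getTrustedCert();
            if (anchorCert != null && response.a(anchorCert)) {
                return anchorCert;
            }
        }

        X509CertSelector bySubject = new X509CertSelector();
        try {
            bySubject.setSubject(responderName.getEncoded());
        } catch (IOException ex) {
            return null;
        }
        for (CertStore store : stores) {
            try {
                Collection<? extends Certificate> found = store.getCertificates(bySubject);
                if (!found.isEmpty()) {
                    return (X509Certificate) found.iterator().next();
                }
            } catch (CertStoreException ignored) {
                // Best effort: an unreadable store must not stop the search in the others.
            }
        }
        return null;
    }

    /**
     * Determines the revocation status of {@code x509Certificate} via OCSP.
     *
     * <p>Candidate URLs: entries of certificate extension {@code ov.cM} whose first element equals
     * {@code ov.dv} (presumably the OCSP access method of Authority Information Access -
     * confirm), unless override mode is on; plus the configured responder URLs when override or
     * supplement mode is on. For each URL the cache is consulted first, then the responder is
     * queried over HTTP. A response that fails validation, or a fetch that fails, moves on to the
     * next URL.
     *
     * @return a result with code 0 when a responder reports status 0, code 1 with the revocation
     *     time and reason when it reports status 1, and code 2 when it reports status 2, when no
     *     responder is configured, or when no responder produced a valid answer. How code 2 is
     *     treated (hard or soft failure) is decided by the caller and is not visible here.
     */
    @Override // com.rsa.cryptoj.o.qq
    public qr a(X509Certificate x509Certificate, pl plVar, Date date) throws InvalidAlgorithmParameterException {
        LinkedHashSet<String> urls = new LinkedHashSet<String>();
        if (!this.t) {
            d accessDescriptions = pj.a(x509Certificate, ov.cM);
            int count = accessDescriptions == null ? 0 : accessDescriptions.c();
            for (int i = 0; i < count; i++) {
                d description = accessDescriptions.a(i);
                if (description.a(0).equals(ov.dv.c())) {
                    urls.add((String) new os(description.a(1)).c());
                }
            }
        }
        // The null check avoids a NullPointerException when no responder list was supplied.
        if ((this.u || this.t) && this.f != null) {
            for (OCSPResponderConfig configured : this.f) {
                String configuredUrl = configured.getOCSPResponderURL();
                if (configuredUrl != null) {
                    urls.add(configuredUrl);
                }
            }
        }
        if (!this.t && !this.u && urls.isEmpty()) {
            return new qr(2, "No OCSP responders are configured.", ov.cM);
        }

        // Working copy: matching configurations are removed from it as they are consumed.
        List<OCSPResponderConfig> remaining = new ArrayList<OCSPResponderConfig>();
        if (this.f != null) {
            remaining.addAll(this.f);
        }

        for (String url : urls) {
            OCSPResponderConfig config = a(url, plVar, remaining);
            pw request = new pw(this.w, this.x, x509Certificate, plVar.b(), config);
            px.a entry = a(request, config, plVar, date);
            if (entry == null) {
                byte[] raw = a(request, url, config.getOCSPProxy());
                if (raw == null) {
                    continue;
                }
                px response = new px(this.w, this.x, raw);
                if (!a(request, response, config, plVar, date)) {
                    continue;
                }
                entry = response.b(request.b());
                a(entry, request, raw);
            }
            switch (entry.f()) {
                case 0:
                    return new qr(0, null, ov.cM);
                case 1:
                    return new qr(1, "Certificate revoked on " + entry.e() + " for reason: " + pa.e.get(entry.c()), ov.cM);
                case 2:
                    this.v = qq.k;
                    return new qr(2, qq.k, ov.cM);
                default:
                    // Unrecognised status: try the next responder.
                    break;
            }
        }
        if (this.v == null) {
            this.v = "No valid OCSP Responder URLs specified.";
        }
        return new qr(2, "Could not determine revocation status: " + this.v, ov.cM);
    }

    /** Returns the reason recorded for the most recent failure, or null if none was recorded. */
    public String a() {
        return this.v;
    }

    /**
     * Sends the encoded OCSP request to a responder with HTTP POST and returns the response body.
     *
     * <p>The decompiler could not type this method and its output did not compile; the control
     * flow below is a reconstruction (one try block, the two exception handlers, and a cleanup
     * that closes both streams) and should be confirmed against the original bytecode.
     *
     * <p>Changes relative to the decompiled logic, all of which fail closed by returning null:
     * a URL whose connection is not an {@link HttpURLConnection} is rejected instead of raising
     * {@link ClassCastException}; a body shorter than its declared Content-Length is rejected
     * instead of being returned zero-padded; and bodies above {@link #MAX_RESPONSE_BYTES} are
     * rejected instead of being buffered.
     *
     * <p>NOTE(review): only a connect timeout is applied; no read timeout is set, so a responder
     * that accepts the connection and then stalls can block the calling thread.
     *
     * @param pwVar the OCSP request to send
     * @param str the responder URL
     * @param str2 proxy URL, or null to connect directly; when set, the connection is opened to
     *     the proxy's protocol/host/port with the responder URL as the request target
     * @return the raw response body, or null on any failure (reason stored in {@link #v})
     */
    public byte[] a(pw pwVar, String str, String str2) {
        OutputStream out = null;
        InputStream in = null;
        try {
            byte[] requestBytes = pwVar.a();
            URL target;
            if (str2 != null) {
                URL proxy = new URL(str2);
                target = new URL(proxy.getProtocol(), proxy.getHost(), proxy.getPort(), str);
            } else {
                target = new URL(str);
            }
            Object opened = target.openConnection();
            if (!(opened instanceof HttpURLConnection)) {
                // The URL may come from the certificate; schemes such as file: or ftp: are
                // refused here rather than surfacing as an unchecked cast failure.
                this.v = "OCSP responder URL does not use HTTP: " + target.getProtocol();
                return null;
            }
            HttpURLConnection connection = (HttpURLConnection) opened;
            int connectTimeout = co.D();
            if (connectTimeout != 0) {
                connection.setConnectTimeout(connectTimeout);
            }
            connection.setDoOutput(true);
            connection.setRequestMethod("POST");
            connection.setRequestProperty(d, c);
            connection.setRequestProperty(b, String.valueOf(requestBytes.length));

            out = connection.getOutputStream();
            out.write(requestBytes);
            out.flush();
            out.close();

            if (connection.getResponseCode() != 200) {
                this.v = "HTTP response code was " + connection.getResponseCode();
                return null;
            }
            in = connection.getInputStream();
            return readBody(in, connection.getContentLength());
        } catch (IOException ex) {
            this.v = ex.getMessage();
            return null;
        } catch (CertPathValidatorException ex) {
            this.v = ex.getMessage();
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done about a failed close.
                }
            }
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done about a failed close.
                }
            }
        }
    }

    /**
     * Reads an HTTP response body, bounded by {@link #MAX_RESPONSE_BYTES}.
     *
     * @param contentLength the declared body length, or -1 when the length is not known
     * @return the body, or null (reason stored in {@link #v}) when it is too large or ends early
     */
    private byte[] readBody(InputStream in, int contentLength) throws IOException {
        if (contentLength > MAX_RESPONSE_BYTES) {
            this.v = "OCSP response too large: " + contentLength + " bytes";
            return null;
        }
        if (contentLength != -1) {
            byte[] body = new byte[contentLength];
            int filled = 0;
            while (filled < contentLength) {
                int n = in.read(body, filled, contentLength - filled);
                if (n == -1) {
                    this.v = "OCSP response truncated: expected " + contentLength + " bytes, received " + filled;
                    return null;
                }
                filled += n;
            }
            return body;
        }

        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[1000];
        try {
            int n;
            while ((n = in.read(chunk, 0, chunk.length)) != -1) {
                if (collected.size() + n > MAX_RESPONSE_BYTES) {
                    this.v = "OCSP response too large: more than " + MAX_RESPONSE_BYTES + " bytes";
                    return null;
                }
                collected.write(chunk, 0, n);
            }
        } finally {
            // dn.a.a(...) presumably clears the scratch buffer - confirm. The original called it
            // only after a complete read; it is now called on every exit path.
            dn.a.a(chunk);
        }
        return collected.toByteArray();
    }
}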
