package com.rsa.cryptoj.o;

import com.rsa.crypto.ParamNames;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/iw.class */
public class iw {
    public static final int a = -1;
    public static final int b = 0;
    public static final int c = 1;
    public static final int d = 2;
    private String e;
    private boolean f;
    private byte[] g;
    private ai h;
    private byte[] i;
    private X500Principal k;
    private byte[] l;
    private byte[] n;
    private final gc o;
    private final List<nm> p;
    private final List j = new ArrayList();
    private final List m = new ArrayList();

    /* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/iw$a.class */
    public class a {
        private final byte[] b;
        private final ai c;
        private final int d;
        private final Date e;
        private Date f;
        private Date g;
        private int h;

        public a(nj njVar, Date date, Date date2, boolean z, nj njVar2) {
            this.h = -1;
            this.b = ir.c(njVar);
            this.c = new ai(njVar.a("hashAlgorithm"));
            this.e = (Date) date.clone();
            if (date2 != null) {
                this.f = (Date) date2.clone();
            }
            this.d = z ? 2 : 0;
            a(njVar2);
        }

        public a(nj njVar, Date date, int i, Date date2, Date date3, nj njVar2) {
            this.h = -1;
            this.b = ir.c(njVar);
            this.c = new ai(njVar.a("hashAlgorithm"));
            this.g = date;
            this.e = (Date) date2.clone();
            if (date3 != null) {
                this.f = (Date) date3.clone();
            }
            this.d = 1;
            this.h = i;
            a(njVar2);
        }

        private void a(nj njVar) {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date a() {
            return (Date) this.e.clone();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date b() {
            if (this.f == null) {
                return null;
            }
            return (Date) this.f.clone();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int c() {
            return this.h;
        }

        ai d() {
            return this.c;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date e() {
            return (Date) this.g.clone();
        }

        public int f() {
            return this.d;
        }
    }

    public iw(gc gcVar, List<nm> list, byte[] bArr) {
        this.o = gcVar;
        this.p = list;
        try {
            nj a2 = ir.a("OCSPResponse", bArr, 0);
            int e = ((gh) a2.a("responseStatus")).e();
            if (e != 0) {
                this.e = "OCSP response status was not successful (" + e + ")";
                return;
            }
            nj a3 = a2.a("responseBytes");
            if (a3 == null) {
                this.e = "OCSP response did not not contain status information.";
                return;
            }
            if (!a3.a("responseType").equals(ks.f0do.c())) {
                this.e = "Only basic OCSP responders are supported";
                return;
            }
            ByteBuffer e2 = ((mw) a3.a("response")).e();
            nj a4 = ir.a("BasicOCSPResponse", e2);
            if (a(a4.a("tbsResponseData"))) {
                this.h = new ai(a4.a("signatureAlgorithm"));
                this.i = ((ps) a4.a("signature")).b();
                nj a5 = a4.a("certs");
                int a6 = a5 == null ? 0 : a5.a();
                e2.rewind();
                ir.c(e2);
                this.g = ((oo) ir.a((pp) mt.a, e2)).d();
                ir.a(e2);
                ir.a(e2);
                if (e2.remaining() > 0) {
                    ir.c(e2);
                    ir.c(e2);
                    for (int i = 0; i < a6; i++) {
                        try {
                            this.j.add(cd.a(gcVar, list, ir.a(e2)));
                        } catch (CertificateException e3) {
                            this.e = "Error reading certificates.";
                            return;
                        }
                    }
                }
                this.f = true;
            }
        } catch (ey e4) {
            this.e = "Invalid OCSP response.";
        }
    }

    public X500Principal a() {
        return this.k;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List b() {
        return this.j;
    }

    private boolean a(nj njVar) {
        nj a2 = njVar.a(ParamNames.VERSION);
        if (a2 != null && ((mx) a2).e() != 0) {
            this.e = "Only OCSP version 1 is supported.";
            return false;
        }
        nj a3 = njVar.a("responderID");
        if (ir.f(a3.g().e()) == 1) {
            ByteBuffer wrap = ByteBuffer.wrap(ir.a(a3));
            ir.c(wrap);
            byte[] bArr = new byte[wrap.remaining()];
            wrap.get(bArr);
            this.k = new X500Principal(bArr);
        } else {
            this.l = ((mw) a3).d();
        }
        nj a4 = njVar.a("responses");
        for (int i = 0; i < a4.a(); i++) {
            if (!c(a4.a(i))) {
                return false;
            }
        }
        b(njVar.a("responseExtensions"));
        return true;
    }

    private void b(nj njVar) {
        if (njVar == null) {
            return;
        }
        this.n = new lb(njVar, 4).a(ks.cW.toString());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(X509Certificate x509Certificate) {
        return this.k != null ? this.k.equals(x509Certificate.getSubjectX500Principal()) : Arrays.equals(this.l, fv.a(x509Certificate.getPublicKey(), false, this.o, this.p)) || Arrays.equals(this.l, fv.a(x509Certificate.getPublicKey(), this.o, this.p));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(nf nfVar) {
        return nfVar.d() != null ? a(nfVar.d()) : this.k != null ? this.k.equals(nfVar.c()) : Arrays.equals(this.l, fv.a(nfVar.b(), false, this.o, this.p)) || Arrays.equals(this.l, fv.a(nfVar.b(), this.o, this.p));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(byte[] bArr) {
        if ((bArr == null && this.n == null) || bArr == null) {
            return true;
        }
        if (this.n == null) {
            return false;
        }
        return Arrays.equals(this.n, ir.a(ir.a((pp) fp.a, (Object) bArr)));
    }

    private boolean c(nj njVar) {
        a aVar;
        nj a2 = njVar.a("certStatus");
        int f = ir.f(a2.g().g());
        Date d2 = ((kp) njVar.a("thisUpdate")).d();
        Date d3 = njVar.a("nextUpdate") == null ? null : ((kp) njVar.a("nextUpdate")).d();
        if (f == 1) {
            gh ghVar = (gh) a2.a("revocationReason");
            aVar = new a(njVar.a("certID"), ((kp) a2.a("revocationTime")).d(), ghVar == null ? 0 : ghVar.e(), d2, d3, njVar.a("singleExtensions"));
        } else {
            aVar = new a(njVar.a("certID"), d2, d3, f == 2, njVar.a("singleExtensions"));
        }
        if (aVar.d().d().a()) {
            this.e = "OCSP response uses unsupported message digest algorithm.";
            return false;
        }
        this.m.add(aVar);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(PublicKey publicKey) {
        try {
            k c2 = da.c(this.h.c(), this.o, this.p);
            c2.initVerify(publicKey);
            c2.update(this.g);
            return c2.verify(this.i);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public boolean c() {
        return this.f;
    }

    public a a(X509Certificate x509Certificate, PublicKey publicKey) throws InvalidAlgorithmParameterException {
        for (int i = 0; i < this.m.size(); i++) {
            a aVar = (a) this.m.get(i);
            if (Arrays.equals(fv.a(this.o, this.p, aVar.d().c(), x509Certificate, publicKey), aVar.b)) {
                return aVar;
            }
        }
        return null;
    }

    public a b(byte[] bArr) {
        for (int i = 0; i < this.m.size(); i++) {
            a aVar = (a) this.m.get(i);
            if (Arrays.equals(bArr, aVar.b)) {
                return aVar;
            }
        }
        return null;
    }

    public String d() {
        return this.e;
    }
}
