package com.rsa.cryptoj.o;

import com.rsa.cryptoj.o.bd;
import com.rsa.cryptoj.o.iw;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jsafe.provider.JsafeJCE;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/pi.class */
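/**
 * OCSP revocation checker (decompiled listing; identifiers are obfuscated).
 *
 * <p>For one certificate it collects responder URLs from a certificate extension
 * (presumably Authority Information Access, given the "AIA" override/supplement
 * switches on {@link OCSPWithRespondersParameters}), optionally adds the statically
 * configured responders, POSTs an {@code application/ocsp-request} to each in turn and
 * accepts the first response that passes {@link #a(je, iw, OCSPResponderConfig, nf, Date)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Responder URLs taken from the certificate are chosen by whoever issued or forged
 *       that certificate, and the certificate is not yet trusted when they are
 *       dereferenced. The HTTP fetch therefore only talks HTTP(S), uses timeouts and
 *       bounds the response size.</li>
 *   <li>The check fails closed: every path that does not see a "good" status ends in a
 *       {@link CertPathValidatorException}.</li>
 *   <li>{@code t} (last failure reason) and {@code s} are mutated during a check without
 *       synchronization, so an instance should not be shared between threads, and
 *       {@code t} is never reset between calls.</li>
 * </ul>
 */
public class pi implements aa {
    /**
     * Multiplier applied to the responder time tolerance before it is combined with
     * millisecond timestamps (presumably seconds to milliseconds); also reused as the
     * size of the streaming read buffer.
     */
    private static final int l = 1000;
    private static final String m = "Content-length";
    private static final String n = "application/ocsp-request";
    private static final String o = "Content-type";
    /** Upper bound on an OCSP response body; real responses are a few kilobytes. */
    private static final int MAX_RESPONSE_BYTES = 1 << 20;
    /** Connect and read timeout for the responder connection, in milliseconds. */
    private static final int NETWORK_TIMEOUT_MILLIS = 30000;
    // PKIX parameters supplying cert stores and trust anchors; null for the two shortest constructors.
    private final PKIXParameters p;
    // Statically configured responders; may be null.
    private final List<OCSPResponderConfig> q;
    // "Override AIA": when true the URLs found in the certificate are not queried.
    private final boolean r;
    // "Supplement AIA": when true the configured responders are queried as well.
    private boolean s;
    // Human-readable reason for the most recent failure, exposed through a().
    private String t;
    // Opaque context objects handed to every request/response/path-builder instance.
    private final gc u;
    private final List<nm> v;

    /** Creates a checker with no PKIX parameters and no configured responders. */
    public pi(gc gcVar, List<nm> list) {
        this(gcVar, list, null, null, false, false);
    }

    /** Creates a checker that relies only on responder URLs found in the certificate. */
    public pi(gc gcVar, List<nm> list, PKIXParameters pKIXParameters) {
        this(gcVar, list, pKIXParameters, null, false, false);
    }

    /**
     * Creates a checker with one configured responder. If that responder has a URL it
     * overrides the URLs found in the certificate.
     */
    public pi(gc gcVar, List<nm> list, PKIXParameters pKIXParameters, OCSPResponderConfig oCSPResponderConfig) {
        this(gcVar, list, pKIXParameters, Arrays.asList(oCSPResponderConfig), oCSPResponderConfig.getOCSPResponderURL() != null, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Creates a checker from a multi-responder parameter object, honouring its override/supplement switches. */
    public pi(gc gcVar, List<nm> list, PKIXParameters pKIXParameters, OCSPWithRespondersParameters oCSPWithRespondersParameters) {
        this(gcVar, list, pKIXParameters, oCSPWithRespondersParameters.getResponderConfigurations(), oCSPWithRespondersParameters.isOverrideAIAEnabled(), oCSPWithRespondersParameters.isSupplementAIAEnabled());
    }

    // list2 is left raw exactly as decompiled: the declared type of
    // getResponderConfigurations() is not visible in this listing.
    private pi(gc gcVar, List<nm> list, PKIXParameters pKIXParameters, List list2, boolean z, boolean z2) {
        this.u = gcVar;
        this.v = list;
        this.p = pKIXParameters;
        this.q = list2;
        this.r = z;
        this.s = z2;
    }

    /**
     * Checks the revocation status of {@code x509Certificate} and returns normally only
     * when a validated response reports status 0.
     *
     * @param x509Certificate certificate whose status is requested
     * @param nfVar issuer description (public key, name, trust anchor) used to build the
     *              request and to authorise the responder
     * @param date validation time the response freshness is compared against
     * @throws CertPathValidatorException if the certificate is revoked, the status is
     *         reported as 2, or no responder produced a usable answer
     * @throws InvalidAlgorithmParameterException declared by the interface; presumably
     *         raised while building the request
     */
    @Override // com.rsa.cryptoj.o.aa
    public void a(X509Certificate x509Certificate, nf nfVar, Date date) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        // Collect the responder URLs carried by the certificate itself. ks.cE / ks.dn are
        // presumably the AIA extension and the id-ad-ocsp access method - confirm in ks.
        List<String> certificateUrls = new ArrayList<String>();
        nj accessDescriptions = ot.a(x509Certificate, ks.cE);
        int descriptionCount = accessDescriptions == null ? 0 : accessDescriptions.a();
        for (int i = 0; i < descriptionCount; i++) {
            nj description = accessDescriptions.a(i);
            if (description.a(0).equals(ks.dn.c())) {
                certificateUrls.add(new lv(description.a(1)).c());
            }
        }
        // Overriding the certificate's URLs implies the configured responders must be used.
        if (!this.s && this.r) {
            this.s = true;
        }
        // Working copy: a(String, nf, List) removes entries it hands out so that the same
        // responder is not queried a second time in the loop further down.
        List<OCSPResponderConfig> configured = new ArrayList<OCSPResponderConfig>();
        if (this.q != null) {
            configured.addAll(this.q);
        }
        if (!this.r && !this.s && certificateUrls.isEmpty()) {
            this.t = "No OCSP responders are configured.";
        }
        if (!this.r) {
            for (String responderUrl : certificateUrls) {
                OCSPResponderConfig config = a(responderUrl, nfVar, configured);
                je request = new je(this.u, this.v, x509Certificate, nfVar.b(), config);
                byte[] rawResponse = a(request, responderUrl, config.getOCSPProxy());
                if (rawResponse == null) {
                    continue;
                }
                iw response = new iw(this.u, this.v, rawResponse);
                if (!a(request, response, config, nfVar, date)) {
                    continue;
                }
                iw.a status = response.b(request.b());
                // NOTE(review): unlike the configured-responder loop below, this switch has
                // no default branch, so an unrecognised status value moves on to the next
                // responder instead of failing. It may be a decompiler artefact; confirm
                // against the vendor source before relying on either behaviour.
                switch (status.f()) {
                    case 0:
                        return;
                    case 1:
                        throw new pk("Certificate revoked on " + status.e() + " for reason: " + iv.e.get(status.c()));
                    case 2:
                        this.t = aa.d;
                        throw new CertPathValidatorException(aa.b);
                }
            }
        }
        if (this.s) {
            for (OCSPResponderConfig config : configured) {
                String responderUrl = config.getOCSPResponderURL();
                if (responderUrl == null) {
                    continue;
                }
                je request = new je(this.u, this.v, x509Certificate, nfVar.b(), config);
                byte[] rawResponse = a(request, responderUrl, config.getOCSPProxy());
                if (rawResponse == null) {
                    continue;
                }
                iw response = new iw(this.u, this.v, rawResponse);
                if (!a(request, response, config, nfVar, date)) {
                    continue;
                }
                iw.a status = response.b(request.b());
                switch (status.f()) {
                    case 0:
                        return;
                    case 1:
                        throw new pk("Certificate revoked on " + status.e() + " for reason: " + iv.e.get(status.c()));
                    case 2:
                        this.t = aa.d;
                        throw new CertPathValidatorException(aa.b);
                    default:
                        throw new CertPathValidatorException(aa.k);
                }
            }
        }
        // Fail closed: no responder gave a validated "good" answer.
        if (this.t == null) {
            this.t = "No OCSP Responder URLs specified.";
        }
        throw new CertPathValidatorException("Could not determine revocation status: " + this.t);
    }

    /**
     * Decides whether a parsed response may be trusted for the given request.
     *
     * <p>The signer must be, in this order of preference: the configured trusted responder
     * certificate, the issuer itself, or a delegated responder certificate that was issued
     * by the same issuer, carries the expected extended key usage and chains to the issuer.
     * After that the signature, a request-bound value ({@code jeVar.c()}, presumably the
     * nonce), the presence of an entry for the requested certificate and the validity
     * window are checked. On every failure the reason is stored in {@code t}.
     *
     * @return {@code true} only if every check passed
     */
    private boolean a(je jeVar, iw iwVar, OCSPResponderConfig oCSPResponderConfig, nf nfVar, Date date) {
        PublicKey signerKey;
        if (!iwVar.c()) {
            this.t = iwVar.d();
            return false;
        }
        X509Certificate trustedResponderCert = oCSPResponderConfig.getTrustedResponderCert();
        if (trustedResponderCert != null) {
            // An explicitly trusted responder must be the one that produced this response.
            if (!iwVar.a(trustedResponderCert)) {
                this.t = aa.f;
                return false;
            }
            signerKey = trustedResponderCert.getPublicKey();
        } else if (iwVar.a(nfVar)) {
            signerKey = nfVar.b();
        } else {
            X509Certificate delegate = a(iwVar);
            if (delegate == null) {
                this.t = aa.i;
                return false;
            }
            // A delegated responder is only authorised by the CA that issued the certificate
            // being checked.
            if (!delegate.getIssuerX500Principal().equals(nfVar.c())) {
                this.t = aa.j;
                return false;
            }
            List<String> extendedKeyUsage;
            try {
                extendedKeyUsage = delegate.getExtendedKeyUsage();
            } catch (CertificateParsingException e) {
                // Return here so the specific parse error is not overwritten by the generic
                // reason assigned below.
                this.t = "Certificate contained invalid extension: " + e.getMessage();
                return false;
            }
            // ks.dl is presumably the OCSP-signing key purpose - confirm in ks.
            if (extendedKeyUsage == null || !extendedKeyUsage.contains(ks.dl.toString())) {
                this.t = aa.j;
                return false;
            }
            // Revocation of the responder certificate is checked only when the ks.cO
            // extension (presumably ocsp-nocheck) is absent and the configuration asks for it.
            boolean checkResponderRevocation = ot.a(delegate, ks.cO) == null && oCSPResponderConfig.isResponderRevocationCheckingEnabled();
            if (!a(delegate, nfVar, checkResponderRevocation)) {
                return false;
            }
            signerKey = delegate.getPublicKey();
        }
        if (!iwVar.a(signerKey)) {
            this.t = aa.h;
            return false;
        }
        if (!iwVar.a(jeVar.c())) {
            this.t = aa.g;
            return false;
        }
        iw.a status = iwVar.b(jeVar.b());
        if (status == null) {
            this.t = aa.e;
            return false;
        }
        // Widen before multiplying so that a large tolerance cannot overflow int arithmetic.
        long tolerance = oCSPResponderConfig.getTimeTolerance() * (long) l;
        long validationTime = date.getTime();
        if (status.a().getTime() - tolerance > validationTime) {
            // The response only becomes valid after the validation time.
            this.t = aa.a;
            return false;
        }
        if (status.b() != null && status.b().getTime() + tolerance < validationTime) {
            // The response's validity ended before the validation time.
            this.t = aa.c;
            return false;
        }
        return true;
    }

    /**
     * Finds the certificate of the responder that produced {@code iwVar}: first among the
     * certificates shipped inside the response, then via {@link #b(iw)}.
     *
     * @return the matching certificate, or {@code null} if none was found
     */
    private X509Certificate a(iw iwVar) {
        Iterator it = iwVar.b().iterator();
        while (it.hasNext()) {
            X509Certificate candidate = (X509Certificate) it.next();
            if (iwVar.a(candidate)) {
                return candidate;
            }
        }
        return b(iwVar);
    }

    /**
     * Looks the responder certificate up in the trust anchors and cert stores of the PKIX
     * parameters. Cert store failures are treated as "not found in that store".
     *
     * @return the matching certificate, or {@code null} if none was found or no PKIX
     *         parameters were supplied
     */
    private X509Certificate b(iw iwVar) {
        if (this.p == null) {
            // Two public constructors pass no PKIX parameters; without them there is
            // nothing to search, which the caller reports as "responder not found".
            return null;
        }
        X500Principal responderName = iwVar.a();
        List<CertStore> certStores = this.p.getCertStores();
        if (responderName == null) {
            // No responder name available: test every stored certificate against the response.
            for (CertStore store : certStores) {
                try {
                    for (Certificate certificate : store.getCertificates(new X509CertSelector())) {
                        if ((certificate instanceof X509Certificate) && iwVar.a((X509Certificate) certificate)) {
                            return (X509Certificate) certificate;
                        }
                    }
                } catch (CertStoreException ignored) {
                    // Best effort: an unreadable store must not abort the search.
                }
            }
            return null;
        }
        for (TrustAnchor anchor : this.p.getTrustAnchors()) {
            X509Certificate trustedCert = anchor.getTrustedCert();
            if (trustedCert != null && iwVar.a(trustedCert)) {
                return trustedCert;
            }
        }
        X509CertSelector subjectSelector = new X509CertSelector();
        try {
            subjectSelector.setSubject(responderName.getEncoded());
        } catch (IOException e) {
            return null;
        }
        for (CertStore store : certStores) {
            try {
                Collection<? extends Certificate> matches = store.getCertificates(subjectSelector);
                if (!matches.isEmpty()) {
                    // Selected by subject only; the caller still verifies issuer, key usage,
                    // chain and signature before trusting this certificate.
                    return (X509Certificate) matches.iterator().next();
                }
            } catch (CertStoreException ignored) {
                // Best effort: an unreadable store must not abort the search.
            }
        }
        return null;
    }

    /**
     * Builds a certification path from the issuer's trust anchor to a delegated responder
     * certificate.
     *
     * @param x509Certificate delegated responder certificate
     * @param nfVar issuer description supplying the trust anchor
     * @param z whether revocation checking is enabled while building the path
     * @return {@code true} if a path could be built; otherwise {@code false} with the
     *         reason stored in {@code t}
     */
    private boolean a(X509Certificate x509Certificate, nf nfVar, boolean z) {
        if (this.p == null) {
            // Fail closed with a reason instead of a NullPointerException when the checker
            // was created without PKIX parameters.
            this.t = "Could not validate delegated responder certificate: no PKIX parameters were supplied";
            return false;
        }
        try {
            X509CertSelector target = new X509CertSelector();
            target.setSubject(x509Certificate.getSubjectX500Principal().getEncoded());
            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            if (nfVar.a() != null) {
                anchors.add(nfVar.a());
            } else {
                anchors.add(new TrustAnchor(nfVar.d(), null));
            }
            PKIXBuilderParameters builderParameters = new PKIXBuilderParameters(anchors, target);
            CertStore responderStore = CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(Arrays.asList(x509Certificate)), com.rsa.jsafe.provider.b.a(this.u, ak.a));
            builderParameters.setCertStores(this.p.getCertStores());
            // The decompiled code added this store twice; once is sufficient.
            builderParameters.addCertStore(responderStore);
            builderParameters.setRevocationEnabled(z);
            new ew(this.u, this.v).engineBuild(builderParameters);
            return true;
        } catch (IOException e) {
            this.t = "Could not validate delegated responder certificate: " + e.getMessage();
            return false;
        } catch (GeneralSecurityException e2) {
            this.t = "Could not validate delegated responder certificate: " + e2.getMessage();
            return false;
        }
    }

    /**
     * Picks the configuration to use for a responder URL found in the certificate.
     *
     * <p>A configured responder with exactly this URL wins and is removed from
     * {@code list}. Otherwise URL-less configurations are cloned and bound to the URL,
     * preferring (0) one whose trusted certificate matches the issuer description,
     * (1) one whose trusted certificate was issued by the same issuer, (2) any with a
     * trusted certificate, (3) one without. If nothing applies a default configuration for
     * the URL is returned.
     */
    private OCSPResponderConfig a(String str, nf nfVar, List<OCSPResponderConfig> list) {
        OCSPResponderConfig[] candidates = new OCSPResponderConfig[4];
        for (int i = 0; i < list.size(); i++) {
            OCSPResponderConfig config = list.get(i);
            if (config.getOCSPResponderURL() == null) {
                X509Certificate trustedResponderCert = config.getTrustedResponderCert();
                if (trustedResponderCert != null && nfVar.a(trustedResponderCert) && candidates[0] == null) {
                    candidates[0] = (OCSPResponderConfig) config.clone();
                    candidates[0].setResponderURL(str);
                } else if (trustedResponderCert != null && trustedResponderCert.getIssuerX500Principal().equals(nfVar.c()) && candidates[1] == null) {
                    candidates[1] = (OCSPResponderConfig) config.clone();
                    candidates[1].setResponderURL(str);
                } else if (trustedResponderCert != null && candidates[2] == null) {
                    candidates[2] = (OCSPResponderConfig) config.clone();
                    candidates[2].setResponderURL(str);
                } else if (trustedResponderCert == null && candidates[3] == null) {
                    candidates[3] = (OCSPResponderConfig) config.clone();
                    candidates[3].setResponderURL(str);
                }
            } else if (config.getOCSPResponderURL().equals(str)) {
                list.remove(config);
                return config;
            }
        }
        for (int i2 = 0; i2 < 4; i2++) {
            if (candidates[i2] != null) {
                return candidates[i2];
            }
        }
        return new OCSPResponderConfig(str);
    }

    /**
     * POSTs the encoded OCSP request to a responder and returns the raw response body.
     *
     * <p>{@code str} may come straight from the certificate being validated, so the
     * connection is restricted to HTTP(S), given connect/read timeouts and limited to
     * {@code MAX_RESPONSE_BYTES}. The body is not trusted here; its signature is verified
     * by the caller.
     *
     * @param jeVar request to send
     * @param str responder URL
     * @param str2 proxy URL, or {@code null} for a direct connection
     * @return the response body, or {@code null} on any failure (reason stored in {@code t})
     */
    public byte[] a(je jeVar, String str, String str2) {
        OutputStream requestStream = null;
        InputStream responseStream = null;
        try {
            byte[] encodedRequest = jeVar.a();
            URL url;
            if (str2 != null) {
                // Connect to the proxy and pass the responder URL as the request target.
                URL proxyUrl = new URL(str2);
                url = new URL(proxyUrl.getProtocol(), proxyUrl.getHost(), proxyUrl.getPort(), str);
            } else {
                url = new URL(str);
            }
            java.net.URLConnection connection = url.openConnection();
            if (!(connection instanceof HttpURLConnection)) {
                // file:, ftp:, jar: and similar schemes previously ended in a
                // ClassCastException; report them as an unusable responder instead.
                this.t = "OCSP responder URL is not an HTTP(S) URL (protocol: " + url.getProtocol() + ")";
                return null;
            }
            HttpURLConnection http = (HttpURLConnection) connection;
            // Without timeouts an unresponsive responder blocks certificate validation forever.
            http.setConnectTimeout(NETWORK_TIMEOUT_MILLIS);
            http.setReadTimeout(NETWORK_TIMEOUT_MILLIS);
            http.setDoOutput(true);
            http.setRequestMethod("POST");
            http.setRequestProperty(o, n);
            http.setRequestProperty(m, String.valueOf(encodedRequest.length));
            requestStream = http.getOutputStream();
            requestStream.write(encodedRequest);
            requestStream.flush();
            requestStream.close();
            int httpStatus = http.getResponseCode();
            if (httpStatus != 200) {
                this.t = "HTTP response code was " + httpStatus;
                return null;
            }
            responseStream = http.getInputStream();
            int contentLength = http.getContentLength();
            if (contentLength > MAX_RESPONSE_BYTES) {
                // Never size a buffer from a length the remote side controls.
                this.t = "OCSP response too large: " + contentLength + " bytes";
                return null;
            }
            if (contentLength >= 0) {
                byte[] body = new byte[contentLength];
                int offset = 0;
                while (offset < contentLength) {
                    int count = responseStream.read(body, offset, contentLength - offset);
                    if (count == -1) {
                        // Short body: the remainder stays zero-filled, as in the original.
                        break;
                    }
                    offset += count;
                }
                return body;
            }
            // Length unknown: stream the body, still enforcing the size bound.
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[l];
            int total = 0;
            while (true) {
                int count = responseStream.read(chunk, 0, chunk.length);
                if (count == -1) {
                    break;
                }
                total += count;
                if (total > MAX_RESPONSE_BYTES) {
                    this.t = "OCSP response too large: more than " + MAX_RESPONSE_BYTES + " bytes";
                    return null;
                }
                collected.write(chunk, 0, count);
            }
            bd.a.a(chunk); // opaque helper; presumably wipes the scratch buffer - confirm
            return collected.toByteArray();
        } catch (IOException e) {
            this.t = e.getMessage();
            return null;
        } catch (CertPathValidatorException e) {
            this.t = e.getMessage();
            return null;
        } finally {
            closeQuietly(responseStream);
            closeQuietly(requestStream);
        }
    }

    /** Closes a stream, ignoring failures: nothing useful can be done about them here. */
    private static void closeQuietly(java.io.Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException ignored) {
            // Deliberately ignored; the stream is being discarded.
        }
    }

    /** Returns the reason recorded by the most recent failed step, or {@code null} if none. */
    public String a() {
        return this.t;
    }
}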
