package com.rsa.cryptoj.o;

import com.rsa.cryptoj.o.dn;
import com.rsa.cryptoj.o.px;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jsafe.provider.CacheInterface;
import com.rsa.jsafe.provider.JsafeJCE;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class pz implements qq {

    /* renamed from: a, reason: collision with root package name */
    private static final int f3390a = 1000;

    /* renamed from: b, reason: collision with root package name */
    private static final String f3391b = "Content-length";

    /* renamed from: c, reason: collision with root package name */
    private static final String f3392c = "application/ocsp-request";

    /* renamed from: d, reason: collision with root package name */
    private static final String f3393d = "Content-type";

    /* renamed from: e, reason: collision with root package name */
    private final PKIXParameters f3394e;
    private final List<OCSPResponderConfig> f;
    private final boolean t;
    private final boolean u;
    private String v;
    private final cf w;
    private final List<ca> x;
    private final de y;
    private final CacheInterface z;

    public pz(cf cfVar, List<ca> list) {
        this(cfVar, list, null, null, false, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public pz(cf cfVar, List<ca> list, PKIXParameters pKIXParameters, OCSPWithRespondersParameters oCSPWithRespondersParameters) {
        this(cfVar, list, pKIXParameters, oCSPWithRespondersParameters, oCSPWithRespondersParameters.isOverrideAIAEnabled(), oCSPWithRespondersParameters.isSupplementAIAEnabled());
    }

    private pz(cf cfVar, List<ca> list, PKIXParameters pKIXParameters, OCSPWithRespondersParameters oCSPWithRespondersParameters, boolean z, boolean z2) {
        CacheInterface cacheInterface;
        this.y = new de();
        this.w = cfVar;
        this.x = list;
        this.f3394e = pKIXParameters;
        this.t = z;
        this.u = z2;
        if (oCSPWithRespondersParameters != null) {
            this.f = oCSPWithRespondersParameters.getResponderConfigurations();
            cacheInterface = oCSPWithRespondersParameters.getCache();
        } else {
            cacheInterface = null;
            this.f = null;
        }
        this.z = cacheInterface;
    }

    private px.a a(pw pwVar, OCSPResponderConfig oCSPResponderConfig, pl plVar, Date date) {
        byte[] item;
        CacheInterface cacheInterface = this.z;
        if (cacheInterface == null || (item = cacheInterface.getItem(pwVar.b())) == null) {
            return null;
        }
        px pxVar = new px(this.w, this.x, item);
        if (!a(pwVar, pxVar, oCSPResponderConfig, plVar, date)) {
            return null;
        }
        px.a b2 = pxVar.b(pwVar.b());
        int f = b2.f();
        if (f != 0 && f != 1) {
            return null;
        }
        if (de.a()) {
            this.y.a("OCSP response found in OCSP cache.");
        }
        return b2;
    }

    private OCSPResponderConfig a(String str, pl plVar, List<OCSPResponderConfig> list) {
        OCSPResponderConfig oCSPResponderConfig;
        OCSPResponderConfig[] oCSPResponderConfigArr = new OCSPResponderConfig[4];
        for (int i = 0; i < list.size(); i++) {
            OCSPResponderConfig oCSPResponderConfig2 = list.get(i);
            if (oCSPResponderConfig2.getOCSPResponderURL() == null) {
                X509Certificate trustedResponderCert = oCSPResponderConfig2.getTrustedResponderCert();
                if (trustedResponderCert != null && plVar.a(trustedResponderCert) && oCSPResponderConfigArr[0] == null) {
                    oCSPResponderConfigArr[0] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[0];
                } else if (trustedResponderCert != null && trustedResponderCert.getIssuerX500Principal().equals(plVar.c()) && oCSPResponderConfigArr[1] == null) {
                    oCSPResponderConfigArr[1] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[1];
                } else if (trustedResponderCert != null && oCSPResponderConfigArr[2] == null) {
                    oCSPResponderConfigArr[2] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[2];
                } else if (trustedResponderCert == null && oCSPResponderConfigArr[3] == null) {
                    oCSPResponderConfigArr[3] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[3];
                }
                oCSPResponderConfig.setResponderURL(str);
            } else if (oCSPResponderConfig2.getOCSPResponderURL().equals(str)) {
                list.remove(oCSPResponderConfig2);
                return oCSPResponderConfig2;
            }
        }
        for (int i2 = 0; i2 < oCSPResponderConfigArr.length; i2++) {
            if (oCSPResponderConfigArr[i2] != null) {
                return oCSPResponderConfigArr[i2];
            }
        }
        return new OCSPResponderConfig(str);
    }

    private X509Certificate a(px pxVar) {
        X509Certificate x509Certificate;
        Iterator<X509Certificate> it = pxVar.b().iterator();
        while (true) {
            if (!it.hasNext()) {
                x509Certificate = null;
                break;
            }
            x509Certificate = it.next();
            if (pxVar.a(x509Certificate)) {
                break;
            }
        }
        return x509Certificate == null ? b(pxVar) : x509Certificate;
    }

    private void a(px.a aVar, pw pwVar, byte[] bArr) {
        if (this.z != null) {
            if (aVar.f() == 0 || aVar.f() == 1) {
                if (de.a()) {
                    this.y.a("Adding OCSP response to OCSP Cache.");
                }
                this.z.updateItem(pwVar.b(), bArr, aVar.b().getTime() - System.currentTimeMillis());
            }
        }
    }

    private boolean a(pw pwVar, px pxVar, OCSPResponderConfig oCSPResponderConfig, pl plVar, Date date) {
        String str;
        PublicKey b2;
        if (pxVar.c()) {
            X509Certificate trustedResponderCert = oCSPResponderConfig.getTrustedResponderCert();
            if (trustedResponderCert != null) {
                if (!pxVar.a(trustedResponderCert)) {
                    str = qq.n;
                }
                b2 = trustedResponderCert.getPublicKey();
            } else if (pxVar.a(plVar)) {
                b2 = plVar.b();
            } else {
                trustedResponderCert = a(pxVar);
                if (trustedResponderCert == null) {
                    str = qq.q;
                } else {
                    if (!trustedResponderCert.getIssuerX500Principal().equals(plVar.c())) {
                        this.v = qq.r;
                        return false;
                    }
                    List<String> list = null;
                    try {
                        list = trustedResponderCert.getExtendedKeyUsage();
                    } catch (CertificateParsingException e2) {
                        this.v = "Certificate contained invalid extension: " + e2.getMessage();
                    }
                    if (list == null || !list.contains(ov.dt.toString())) {
                        this.v = qq.r;
                        return false;
                    }
                    if (!a(trustedResponderCert, plVar, !(pj.a(trustedResponderCert, ov.cW) != null) && oCSPResponderConfig.isResponderRevocationCheckingEnabled())) {
                        return false;
                    }
                    b2 = trustedResponderCert.getPublicKey();
                }
            }
            if (!pxVar.a(b2)) {
                str = qq.p;
            } else if (pxVar.a(pwVar.c())) {
                px.a b3 = pxVar.b(pwVar.b());
                if (b3 == null) {
                    str = qq.m;
                } else if (new Date(b3.a().getTime() - (oCSPResponderConfig.getTimeTolerance() * f3390a)).after(date)) {
                    str = qq.j;
                } else {
                    if (b3.b() == null || !new Date(b3.b().getTime() + (oCSPResponderConfig.getTimeTolerance() * f3390a)).before(date)) {
                        return true;
                    }
                    str = qq.l;
                }
            } else {
                str = qq.o;
            }
        } else {
            str = pxVar.d();
        }
        this.v = str;
        return false;
    }

    private boolean a(X509Certificate x509Certificate, pl plVar, boolean z) {
        StringBuilder sb;
        String message;
        try {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSubject(x509Certificate.getSubjectX500Principal().getEncoded());
            HashSet hashSet = new HashSet();
            if (plVar.a() != null) {
                hashSet.add(plVar.a());
            } else {
                hashSet.add(new TrustAnchor(plVar.d(), null));
            }
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
            CertStore certStore = CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(Arrays.asList(x509Certificate)), com.rsa.jsafe.provider.b.a(this.w, ka.f2932a));
            pKIXBuilderParameters.setCertStores(this.f3394e.getCertStores());
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setRevocationEnabled(z);
            pKIXBuilderParameters.addCertStore(certStore);
            new qb(this.w, this.x).engineBuild(pKIXBuilderParameters);
            return true;
        } catch (IOException e2) {
            sb = new StringBuilder();
            sb.append("Could not validate delegated responder certificate: ");
            message = e2.getMessage();
            sb.append(message);
            this.v = sb.toString();
            return false;
        } catch (GeneralSecurityException e3) {
            sb = new StringBuilder();
            sb.append("Could not validate delegated responder certificate: ");
            message = e3.getMessage();
            sb.append(message);
            this.v = sb.toString();
            return false;
        }
    }

    private X509Certificate b(px pxVar) {
        Collection<? extends Certificate> certificates;
        X500Principal a2 = pxVar.a();
        List<CertStore> certStores = this.f3394e.getCertStores();
        if (a2 != null) {
            Iterator<TrustAnchor> it = this.f3394e.getTrustAnchors().iterator();
            while (it.hasNext()) {
                X509Certificate trustedCert = it.next().getTrustedCert();
                if (trustedCert != null && pxVar.a(trustedCert)) {
                    return trustedCert;
                }
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            try {
                x509CertSelector.setSubject(a2.getEncoded());
                Iterator<CertStore> it2 = certStores.iterator();
                while (it2.hasNext()) {
                    try {
                        certificates = it2.next().getCertificates(x509CertSelector);
                    } catch (CertStoreException unused) {
                    }
                    if (!certificates.isEmpty()) {
                        return (X509Certificate) certificates.iterator().next();
                    }
                    continue;
                }
            } catch (IOException unused2) {
                return null;
            }
        } else {
            Iterator<CertStore> it3 = certStores.iterator();
            while (it3.hasNext()) {
                try {
                    Iterator<? extends Certificate> it4 = it3.next().getCertificates(new X509CertSelector()).iterator();
                    while (it4.hasNext()) {
                        X509Certificate x509Certificate = (X509Certificate) it4.next();
                        if (pxVar.a(x509Certificate)) {
                            return x509Certificate;
                        }
                    }
                } catch (CertStoreException unused3) {
                }
            }
        }
        return null;
    }

    @Override // com.rsa.cryptoj.o.qq
    public qr a(X509Certificate x509Certificate, pl plVar, Date date) throws InvalidAlgorithmParameterException {
        ArrayList arrayList;
        int i;
        px.a aVar;
        LinkedHashSet<String> linkedHashSet = new LinkedHashSet();
        if (!this.t) {
            d a2 = pj.a(x509Certificate, ov.cM);
            int c2 = a2 == null ? 0 : a2.c();
            for (int i2 = 0; i2 < c2; i2++) {
                d a3 = a2.a(i2);
                if (a3.a(0).equals(ov.dv.c())) {
                    linkedHashSet.add((String) new os(a3.a(1)).c());
                }
            }
        }
        if (this.u || this.t) {
            Iterator<OCSPResponderConfig> it = this.f.iterator();
            while (it.hasNext()) {
                String oCSPResponderURL = it.next().getOCSPResponderURL();
                if (oCSPResponderURL != null) {
                    linkedHashSet.add(oCSPResponderURL);
                }
            }
        }
        int i3 = 2;
        if (!this.t && !this.u && linkedHashSet.isEmpty()) {
            return new qr(2, "No OCSP responders are configured.", ov.cM);
        }
        ArrayList arrayList2 = new ArrayList();
        List<OCSPResponderConfig> list = this.f;
        if (list != null) {
            arrayList2.addAll(list);
        }
        for (String str : linkedHashSet) {
            OCSPResponderConfig a4 = a(str, plVar, arrayList2);
            pw pwVar = new pw(this.w, this.x, x509Certificate, plVar.b(), a4);
            px.a a5 = a(pwVar, a4, plVar, date);
            if (a5 == null) {
                byte[] a6 = a(pwVar, str, a4.getOCSPProxy());
                if (a6 == null) {
                    continue;
                } else {
                    px pxVar = new px(this.w, this.x, a6);
                    arrayList = arrayList2;
                    i = i3;
                    if (a(pwVar, pxVar, a4, plVar, date)) {
                        aVar = pxVar.b(pwVar.b());
                        a(aVar, pwVar, a6);
                    }
                    i3 = i;
                    arrayList2 = arrayList;
                }
            } else {
                arrayList = arrayList2;
                i = i3;
                aVar = a5;
            }
            int f = aVar.f();
            if (f == 0) {
                return new qr(0, null, ov.cM);
            }
            if (f == 1) {
                return new qr(1, "Certificate revoked on " + aVar.e() + " for reason: " + pa.f3319e.get(aVar.c()), ov.cM);
            }
            if (f == i) {
                this.v = qq.k;
                return new qr(i, qq.k, ov.cM);
            }
            i3 = i;
            arrayList2 = arrayList;
        }
        int i4 = i3;
        if (this.v == null) {
            this.v = "No valid OCSP Responder URLs specified.";
        }
        return new qr(i4, "Could not determine revocation status: " + this.v, ov.cM);
    }

    public String a() {
        return this.v;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1 */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r0v3 */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r9v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r9v1 */
    /* JADX WARN: Type inference failed for: r9v14, types: [java.io.OutputStream] */
    /* JADX WARN: Type inference failed for: r9v4, types: [java.io.OutputStream] */
    public byte[] a(pw pwVar, String str, String str2) {
        InputStream inputStream;
        OutputStream outputStream;
        InputStream inputStream2;
        OutputStream outputStream2;
        URL url;
        ?? r0 = 0;
        r0 = 0;
        try {
            try {
                byte[] a2 = pwVar.a();
                if (str2 != 0) {
                    URL url2 = new URL(str2);
                    url = new URL(url2.getProtocol(), url2.getHost(), url2.getPort(), str);
                } else {
                    url = new URL(str);
                }
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                if (co.D() != 0) {
                    httpURLConnection.setConnectTimeout(co.D());
                }
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setRequestMethod("POST");
                httpURLConnection.setRequestProperty(f3393d, f3392c);
                httpURLConnection.setRequestProperty(f3391b, String.valueOf(a2.length));
                str2 = httpURLConnection.getOutputStream();
                try {
                    str2.write(a2);
                    str2.flush();
                    str2.close();
                    if (httpURLConnection.getResponseCode() != 200) {
                        this.v = "HTTP response code was " + httpURLConnection.getResponseCode();
                        if (str2 != 0) {
                            try {
                                str2.close();
                            } catch (IOException unused) {
                            }
                        }
                        return null;
                    }
                    InputStream inputStream3 = httpURLConnection.getInputStream();
                    try {
                        int contentLength = httpURLConnection.getContentLength();
                        int i = 0;
                        if (contentLength != -1) {
                            byte[] bArr = new byte[contentLength];
                            int i2 = 0;
                            while (i != -1 && i2 < contentLength) {
                                i = inputStream3.read(bArr, i2, bArr.length - i2);
                                i2 += i;
                            }
                            if (inputStream3 != null) {
                                try {
                                    inputStream3.close();
                                } catch (IOException unused2) {
                                }
                            }
                            if (str2 != 0) {
                                try {
                                    str2.close();
                                } catch (IOException unused3) {
                                }
                            }
                            return bArr;
                        }
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        byte[] bArr2 = new byte[f3390a];
                        while (true) {
                            int read = inputStream3.read(bArr2, 0, bArr2.length);
                            if (read == -1) {
                                break;
                            }
                            byteArrayOutputStream.write(bArr2, 0, read);
                        }
                        dn.a.a(bArr2);
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        if (inputStream3 != null) {
                            try {
                                inputStream3.close();
                            } catch (IOException unused4) {
                            }
                        }
                        if (str2 != 0) {
                            try {
                                str2.close();
                            } catch (IOException unused5) {
                            }
                        }
                        return byteArray;
                    } catch (IOException e2) {
                        inputStream2 = inputStream3;
                        e = e2;
                        outputStream2 = str2;
                        this.v = e.getMessage();
                        if (inputStream2 != null) {
                            try {
                                inputStream2.close();
                            } catch (IOException unused6) {
                            }
                        }
                        if (outputStream2 != null) {
                            try {
                                outputStream2.close();
                            } catch (IOException unused7) {
                            }
                        }
                        return null;
                    } catch (CertPathValidatorException e3) {
                        inputStream = inputStream3;
                        e = e3;
                        outputStream = str2;
                        this.v = e.getMessage();
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException unused8) {
                            }
                        }
                        if (outputStream != null) {
                            try {
                                outputStream.close();
                            } catch (IOException unused9) {
                            }
                        }
                        return null;
                    } catch (Throwable th) {
                        r0 = inputStream3;
                        th = th;
                        if (r0 != 0) {
                            try {
                                r0.close();
                            } catch (IOException unused10) {
                            }
                        }
                        if (str2 == 0) {
                            throw th;
                        }
                        try {
                            str2.close();
                            throw th;
                        } catch (IOException unused11) {
                            throw th;
                        }
                    }
                } catch (IOException e4) {
                    e = e4;
                    inputStream2 = null;
                    outputStream2 = str2;
                } catch (CertPathValidatorException e5) {
                    e = e5;
                    inputStream = null;
                    outputStream = str2;
                } catch (Throwable th2) {
                    th = th2;
                }
            } catch (Throwable th3) {
                th = th3;
                r0 = str;
            }
        } catch (IOException e6) {
            e = e6;
            inputStream2 = null;
            outputStream2 = null;
        } catch (CertPathValidatorException e7) {
            e = e7;
            inputStream = null;
            outputStream = null;
        } catch (Throwable th4) {
            th = th4;
            str2 = 0;
        }
    }
}
