package p20;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import ry.b2;
import ry.d2;

/* loaded from: classes5.dex */
public class o0 implements g10.q {

    /* renamed from: f, reason: collision with root package name */
    public static final int f64618f = 15000;

    /* renamed from: g, reason: collision with root package name */
    public static final int f64619g = 32768;

    /* renamed from: h, reason: collision with root package name */
    public static final Map f64620h;

    /* renamed from: a, reason: collision with root package name */
    public final p0 f64621a;

    /* renamed from: b, reason: collision with root package name */
    public final k20.f f64622b;

    /* renamed from: c, reason: collision with root package name */
    public g10.r f64623c;

    /* renamed from: d, reason: collision with root package name */
    public boolean f64624d;

    /* renamed from: e, reason: collision with root package name */
    public String f64625e;

    static {
        HashMap hashMap = new HashMap();
        f64620h = hashMap;
        hashMap.put(new ry.y("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(yy.t.f87965va, "SHA224WITHRSA");
        hashMap.put(yy.t.f87956sa, "SHA256WITHRSA");
        hashMap.put(yy.t.f87959ta, "SHA384WITHRSA");
        hashMap.put(yy.t.f87962ua, "SHA512WITHRSA");
        hashMap.put(uy.a.f79813n, "GOST3411WITHGOST3410");
        hashMap.put(uy.a.f79814o, "GOST3411WITHECGOST3410");
        hashMap.put(f10.a.f43993i, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(f10.a.f43994j, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(p00.a.f64399d, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(p00.a.f64400e, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(p00.a.f64401f, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(p00.a.f64402g, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(p00.a.f64403h, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(p00.a.f64404i, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(s00.a.f72942s, "SHA1WITHCVC-ECDSA");
        hashMap.put(s00.a.f72943t, "SHA224WITHCVC-ECDSA");
        hashMap.put(s00.a.f72944u, "SHA256WITHCVC-ECDSA");
        hashMap.put(s00.a.f72945v, "SHA384WITHCVC-ECDSA");
        hashMap.put(s00.a.f72946w, "SHA512WITHCVC-ECDSA");
        hashMap.put(w00.a.f83039a, "XMSS");
        hashMap.put(w00.a.f83040b, "XMSSMT");
        hashMap.put(new ry.y("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new ry.y("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new ry.y("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(iz.r.f50970d4, "SHA1WITHECDSA");
        hashMap.put(iz.r.f50978h4, "SHA224WITHECDSA");
        hashMap.put(iz.r.f50980i4, "SHA256WITHECDSA");
        hashMap.put(iz.r.f50982j4, "SHA384WITHECDSA");
        hashMap.put(iz.r.f50984k4, "SHA512WITHECDSA");
        hashMap.put(e10.b.f40960k, "SHA1WITHRSA");
        hashMap.put(e10.b.f40959j, "SHA1WITHDSA");
        hashMap.put(wy.d.f84663a0, "SHA224WITHDSA");
        hashMap.put(wy.d.f84665b0, "SHA256WITHDSA");
    }

    public o0(p0 p0Var, k20.f fVar) {
        this.f64621a = p0Var;
        this.f64622b = fVar;
    }

    public static byte[] b(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(fz.h1.L(publicKey.getEncoded()).O().U());
    }

    public static String f(ry.y yVar) {
        String b11 = k20.h.b(yVar);
        int indexOf = b11.indexOf(45);
        if (indexOf <= 0 || b11.startsWith("SHA3")) {
            return b11;
        }
        return b11.substring(0, indexOf) + b11.substring(indexOf + 1);
    }

    public static URI g(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(fz.b0.A.Y());
        if (extensionValue == null) {
            return null;
        }
        fz.a[] L = fz.j.M(ry.z.U(extensionValue).W()).L();
        for (int i11 = 0; i11 != L.length; i11++) {
            fz.a aVar = L[i11];
            if (fz.a.f45021d.O(aVar.J())) {
                fz.e0 H = aVar.H();
                if (H.g() == 6) {
                    try {
                        return new URI(((ry.l0) H.M()).getString());
                    } catch (URISyntaxException unused) {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    public static String h(fz.b bVar) {
        ry.g M = bVar.M();
        if (M == null || b2.f72647b.N(M) || !bVar.H().O(yy.t.f87953ra)) {
            Map map = f64620h;
            boolean containsKey = map.containsKey(bVar.H());
            ry.y H = bVar.H();
            return containsKey ? (String) map.get(H) : H.Y();
        }
        return f(yy.b0.J(M).H().H()) + "WITHRSAANDMGF1";
    }

    public static X509Certificate i(xy.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, k20.f fVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        xy.j M = aVar.O().M();
        byte[] L = M.L();
        if (L != null) {
            MessageDigest n11 = fVar.n("SHA1");
            if (x509Certificate2 != null && i50.a.g(L, b(n11, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate == null || !i50.a.g(L, b(n11, x509Certificate.getPublicKey()))) {
                return null;
            }
            return x509Certificate;
        }
        dz.f fVar2 = ez.b.U;
        dz.d L2 = dz.d.L(fVar2, M.M());
        if (x509Certificate2 != null && L2.equals(dz.d.L(fVar2, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
            return x509Certificate2;
        }
        if (x509Certificate == null || !L2.equals(dz.d.L(fVar2, x509Certificate.getSubjectX500Principal().getEncoded()))) {
            return null;
        }
        return x509Certificate;
    }

    public static boolean n(xy.j jVar, X509Certificate x509Certificate, k20.f fVar) throws NoSuchProviderException, NoSuchAlgorithmException {
        byte[] L = jVar.L();
        if (L != null) {
            return i50.a.g(L, b(fVar.n("SHA1"), x509Certificate.getPublicKey()));
        }
        dz.f fVar2 = ez.b.U;
        return dz.d.L(fVar2, jVar.M()).equals(dz.d.L(fVar2, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    public static boolean o(xy.a aVar, g10.r rVar, byte[] bArr, X509Certificate x509Certificate, k20.f fVar) throws CertPathValidatorException {
        try {
            ry.g0 H = aVar.H();
            Signature a11 = fVar.a(h(aVar.N()));
            X509Certificate i11 = i(aVar, rVar.d(), x509Certificate, fVar);
            if (i11 == null && H == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (i11 != null) {
                a11.initVerify(i11.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) fVar.e("X.509").generateCertificate(new ByteArrayInputStream(H.X(0).h().getEncoded()));
                x509Certificate2.verify(rVar.d().getPublicKey());
                x509Certificate2.checkValidity(rVar.e());
                if (!n(aVar.O().M(), x509Certificate2, fVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, rVar.a(), rVar.b());
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(fz.m0.f45271l.H())) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, rVar.a(), rVar.b());
                }
                a11.initVerify(x509Certificate2);
            }
            a11.update(aVar.O().D("DER"));
            if (!a11.verify(aVar.M().Y())) {
                return false;
            }
            if (bArr != null && !i50.a.g(bArr, aVar.O().N().M(xy.e.f86052c).M().W())) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, rVar.a(), rVar.b());
            }
            return true;
        } catch (IOException e11) {
            throw new CertPathValidatorException("OCSP response failure: " + e11.getMessage(), e11, rVar.a(), rVar.b());
        } catch (CertPathValidatorException e12) {
            throw e12;
        } catch (GeneralSecurityException e13) {
            throw new CertPathValidatorException("OCSP response failure: " + e13.getMessage(), e13, rVar.a(), rVar.b());
        }
    }

    @Override // g10.q
    public void a(g10.r rVar) {
        this.f64623c = rVar;
        this.f64624d = i50.r.f("ocsp.enable");
        this.f64625e = i50.r.d("ocsp.responderURL");
    }

    public final xy.b c(fz.b bVar, fz.q qVar, ry.t tVar) throws CertPathValidatorException {
        try {
            MessageDigest n11 = this.f64622b.n(k20.h.b(bVar.H()));
            return new xy.b(bVar, new d2(n11.digest(qVar.R().D("DER"))), new d2(n11.digest(qVar.T().O().U())), tVar);
        } catch (Exception e11) {
            throw new CertPathValidatorException("problem creating ID: " + e11, e11);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x01a0, code lost:
    
        if (r0.H().equals(r1.H().H()) != false) goto L66;
     */
    @Override // g10.q
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r12) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 659
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: p20.o0.check(java.security.cert.Certificate):void");
    }

    public final xy.b d(xy.b bVar, fz.q qVar, ry.t tVar) throws CertPathValidatorException {
        return c(bVar.H(), qVar, tVar);
    }

    public final fz.q e() throws CertPathValidatorException {
        try {
            return fz.q.J(this.f64623c.d().getEncoded());
        } catch (Exception e11) {
            throw new CertPathValidatorException("cannot process signing cert: " + e11.getMessage(), e11, this.f64623c.a(), this.f64623c.b());
        }
    }

    public List<CertPathValidatorException> j() {
        return null;
    }

    public Set<String> k() {
        return null;
    }

    public void l(boolean z11) throws CertPathValidatorException {
        if (z11) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f64623c = null;
        this.f64624d = i50.r.f("ocsp.enable");
        this.f64625e = i50.r.d("ocsp.responderURL");
    }

    public boolean m() {
        return false;
    }

    @Override // g10.q
    public void setParameter(String str, Object obj) {
    }
}
