package com.rsa.cryptoj.o;

import com.rsa.cryptoj.o.du;
import com.rsa.cryptoj.o.ql;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jsafe.provider.CacheInterface;
import com.rsa.jsafe.provider.JsafeJCE;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import xh.s0;

/* loaded from: classes4.dex */
public class qn implements re {

    /* renamed from: a, reason: collision with root package name */
    private static final int f22139a = 1000;

    /* renamed from: b, reason: collision with root package name */
    private static final String f22140b = "Content-length";

    /* renamed from: c, reason: collision with root package name */
    private static final String f22141c = "application/ocsp-request";

    /* renamed from: d, reason: collision with root package name */
    private static final String f22142d = "Content-type";

    /* renamed from: e, reason: collision with root package name */
    private final PKIXParameters f22143e;

    /* renamed from: f, reason: collision with root package name */
    private final List<OCSPResponderConfig> f22144f;

    /* renamed from: t, reason: collision with root package name */
    private final boolean f22145t;

    /* renamed from: u, reason: collision with root package name */
    private final boolean f22146u;

    /* renamed from: v, reason: collision with root package name */
    private String f22147v;

    /* renamed from: w, reason: collision with root package name */
    private final ch f22148w;

    /* renamed from: x, reason: collision with root package name */
    private final List<cc> f22149x;

    /* renamed from: y, reason: collision with root package name */
    private final dl f22150y;

    /* renamed from: z, reason: collision with root package name */
    private final CacheInterface f22151z;

    public qn(ch chVar, List<cc> list) {
        this(chVar, list, null, null, false, false);
    }

    public qn(ch chVar, List<cc> list, PKIXParameters pKIXParameters, OCSPWithRespondersParameters oCSPWithRespondersParameters) {
        this(chVar, list, pKIXParameters, oCSPWithRespondersParameters, oCSPWithRespondersParameters.isOverrideAIAEnabled(), oCSPWithRespondersParameters.isSupplementAIAEnabled());
    }

    private qn(ch chVar, List<cc> list, PKIXParameters pKIXParameters, OCSPWithRespondersParameters oCSPWithRespondersParameters, boolean z10, boolean z11) {
        CacheInterface cacheInterface;
        this.f22150y = new dl();
        this.f22148w = chVar;
        this.f22149x = list;
        this.f22143e = pKIXParameters;
        this.f22145t = z10;
        this.f22146u = z11;
        if (oCSPWithRespondersParameters != null) {
            this.f22144f = oCSPWithRespondersParameters.getResponderConfigurations();
            cacheInterface = oCSPWithRespondersParameters.getCache();
        } else {
            cacheInterface = null;
            this.f22144f = null;
        }
        this.f22151z = cacheInterface;
    }

    private ql.a a(qk qkVar, OCSPResponderConfig oCSPResponderConfig, pz pzVar, Date date) {
        byte[] item;
        CacheInterface cacheInterface = this.f22151z;
        if (cacheInterface == null || (item = cacheInterface.getItem(qkVar.b())) == null) {
            return null;
        }
        ql qlVar = new ql(this.f22148w, this.f22149x, item);
        if (!a(qkVar, qlVar, oCSPResponderConfig, pzVar, date)) {
            return null;
        }
        ql.a b10 = qlVar.b(qkVar.b());
        int f10 = b10.f();
        if (f10 != 0 && f10 != 1) {
            return null;
        }
        if (dl.a()) {
            this.f22150y.a("OCSP response found in OCSP cache.");
        }
        return b10;
    }

    private OCSPResponderConfig a(String str, pz pzVar, List<OCSPResponderConfig> list) {
        OCSPResponderConfig oCSPResponderConfig;
        OCSPResponderConfig[] oCSPResponderConfigArr = new OCSPResponderConfig[4];
        for (int i10 = 0; i10 < list.size(); i10++) {
            OCSPResponderConfig oCSPResponderConfig2 = list.get(i10);
            if (oCSPResponderConfig2.getOCSPResponderURL() == null) {
                X509Certificate trustedResponderCert = oCSPResponderConfig2.getTrustedResponderCert();
                if (trustedResponderCert != null && pzVar.a(trustedResponderCert) && oCSPResponderConfigArr[0] == null) {
                    oCSPResponderConfigArr[0] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[0];
                } else if (trustedResponderCert != null && trustedResponderCert.getIssuerX500Principal().equals(pzVar.c()) && oCSPResponderConfigArr[1] == null) {
                    oCSPResponderConfigArr[1] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[1];
                } else if (trustedResponderCert != null && oCSPResponderConfigArr[2] == null) {
                    oCSPResponderConfigArr[2] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[2];
                } else if (trustedResponderCert == null && oCSPResponderConfigArr[3] == null) {
                    oCSPResponderConfigArr[3] = (OCSPResponderConfig) oCSPResponderConfig2.clone();
                    oCSPResponderConfig = oCSPResponderConfigArr[3];
                }
                oCSPResponderConfig.setResponderURL(str);
            } else if (oCSPResponderConfig2.getOCSPResponderURL().equals(str)) {
                list.remove(oCSPResponderConfig2);
                return oCSPResponderConfig2;
            }
        }
        for (int i11 = 0; i11 < 4; i11++) {
            if (oCSPResponderConfigArr[i11] != null) {
                return oCSPResponderConfigArr[i11];
            }
        }
        return new OCSPResponderConfig(str);
    }

    private X509Certificate a(ql qlVar) {
        X509Certificate x509Certificate;
        Iterator<X509Certificate> it = qlVar.b().iterator();
        while (true) {
            if (!it.hasNext()) {
                x509Certificate = null;
                break;
            }
            x509Certificate = it.next();
            if (qlVar.a(x509Certificate)) {
                break;
            }
        }
        return x509Certificate == null ? b(qlVar) : x509Certificate;
    }

    private void a(ql.a aVar, qk qkVar, byte[] bArr) {
        if (this.f22151z != null) {
            if (aVar.f() == 0 || aVar.f() == 1) {
                if (dl.a()) {
                    this.f22150y.a("Adding OCSP response to OCSP Cache.");
                }
                this.f22151z.updateItem(qkVar.b(), bArr, aVar.b().getTime() - System.currentTimeMillis());
            }
        }
    }

    private boolean a(qk qkVar, ql qlVar, OCSPResponderConfig oCSPResponderConfig, pz pzVar, Date date) {
        String str;
        PublicKey b10;
        if (qlVar.c()) {
            X509Certificate trustedResponderCert = oCSPResponderConfig.getTrustedResponderCert();
            if (trustedResponderCert != null) {
                if (!qlVar.a(trustedResponderCert)) {
                    str = re.f22234n;
                }
                b10 = trustedResponderCert.getPublicKey();
            } else if (qlVar.a(pzVar)) {
                b10 = pzVar.b();
            } else {
                trustedResponderCert = a(qlVar);
                if (trustedResponderCert == null) {
                    str = re.f22237q;
                } else {
                    if (!trustedResponderCert.getIssuerX500Principal().equals(pzVar.c())) {
                        this.f22147v = re.f22238r;
                        return false;
                    }
                    List<String> list = null;
                    try {
                        list = trustedResponderCert.getExtendedKeyUsage();
                    } catch (CertificateParsingException e10) {
                        this.f22147v = "Certificate contained invalid extension: " + e10.getMessage();
                    }
                    if (list == null || !list.contains(pj.dv.toString())) {
                        this.f22147v = re.f22238r;
                        return false;
                    }
                    if (!a(trustedResponderCert, pzVar, !(px.a(trustedResponderCert, pj.cY) != null) && oCSPResponderConfig.isResponderRevocationCheckingEnabled())) {
                        return false;
                    }
                    b10 = trustedResponderCert.getPublicKey();
                }
            }
            if (!qlVar.a(b10)) {
                str = re.f22236p;
            } else if (qlVar.a(qkVar.c())) {
                ql.a b11 = qlVar.b(qkVar.b());
                if (b11 == null) {
                    str = re.f22233m;
                } else if (new Date(b11.a().getTime() - (oCSPResponderConfig.getTimeTolerance() * 1000)).after(date)) {
                    str = re.f22230j;
                } else {
                    if (b11.b() == null || !new Date(b11.b().getTime() + (oCSPResponderConfig.getTimeTolerance() * 1000)).before(date)) {
                        return true;
                    }
                    str = re.f22232l;
                }
            } else {
                str = re.f22235o;
            }
        } else {
            str = qlVar.d();
        }
        this.f22147v = str;
        return false;
    }

    private boolean a(X509Certificate x509Certificate, pz pzVar, boolean z10) {
        StringBuilder sb2;
        String message;
        try {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSubject(x509Certificate.getSubjectX500Principal().getEncoded());
            HashSet hashSet = new HashSet();
            if (pzVar.a() != null) {
                hashSet.add(pzVar.a());
            } else {
                hashSet.add(new TrustAnchor(pzVar.d(), null));
            }
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
            CertStore certStore = CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(Arrays.asList(x509Certificate)), com.rsa.jsafe.provider.b.a(this.f22148w, kf.f21323a));
            pKIXBuilderParameters.setCertStores(this.f22143e.getCertStores());
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setRevocationEnabled(z10);
            pKIXBuilderParameters.addCertStore(certStore);
            new qp(this.f22148w, this.f22149x).engineBuild(pKIXBuilderParameters);
            return true;
        } catch (IOException e10) {
            sb2 = new StringBuilder();
            sb2.append("Could not validate delegated responder certificate: ");
            message = e10.getMessage();
            sb2.append(message);
            this.f22147v = sb2.toString();
            return false;
        } catch (GeneralSecurityException e11) {
            sb2 = new StringBuilder();
            sb2.append("Could not validate delegated responder certificate: ");
            message = e11.getMessage();
            sb2.append(message);
            this.f22147v = sb2.toString();
            return false;
        }
    }

    private X509Certificate b(ql qlVar) {
        Collection<? extends Certificate> certificates;
        X500Principal a10 = qlVar.a();
        List<CertStore> certStores = this.f22143e.getCertStores();
        if (a10 != null) {
            Iterator<TrustAnchor> it = this.f22143e.getTrustAnchors().iterator();
            while (it.hasNext()) {
                X509Certificate trustedCert = it.next().getTrustedCert();
                if (trustedCert != null && qlVar.a(trustedCert)) {
                    return trustedCert;
                }
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            try {
                x509CertSelector.setSubject(a10.getEncoded());
                Iterator<CertStore> it2 = certStores.iterator();
                while (it2.hasNext()) {
                    try {
                        certificates = it2.next().getCertificates(x509CertSelector);
                    } catch (CertStoreException unused) {
                    }
                    if (!certificates.isEmpty()) {
                        return (X509Certificate) certificates.iterator().next();
                    }
                    continue;
                }
            } catch (IOException unused2) {
                return null;
            }
        } else {
            Iterator<CertStore> it3 = certStores.iterator();
            while (it3.hasNext()) {
                try {
                    Iterator<? extends Certificate> it4 = it3.next().getCertificates(new X509CertSelector()).iterator();
                    while (it4.hasNext()) {
                        X509Certificate x509Certificate = (X509Certificate) it4.next();
                        if (qlVar.a(x509Certificate)) {
                            return x509Certificate;
                        }
                    }
                } catch (CertStoreException unused3) {
                }
            }
        }
        return null;
    }

    @Override // com.rsa.cryptoj.o.re
    public rf a(X509Certificate x509Certificate, pz pzVar, Date date) throws InvalidAlgorithmParameterException {
        ArrayList arrayList;
        int i10;
        LinkedHashSet<String> linkedHashSet = new LinkedHashSet();
        if (!this.f22145t) {
            d a10 = px.a(x509Certificate, pj.cO);
            int c10 = a10 == null ? 0 : a10.c();
            for (int i11 = 0; i11 < c10; i11++) {
                d a11 = a10.a(i11);
                if (a11.a(0).equals(pj.dx.c())) {
                    linkedHashSet.add((String) new pg(a11.a(1)).c());
                }
            }
        }
        if (this.f22146u || this.f22145t) {
            Iterator<OCSPResponderConfig> it = this.f22144f.iterator();
            while (it.hasNext()) {
                String oCSPResponderURL = it.next().getOCSPResponderURL();
                if (oCSPResponderURL != null) {
                    linkedHashSet.add(oCSPResponderURL);
                }
            }
        }
        int i12 = 2;
        if (!this.f22145t && !this.f22146u && linkedHashSet.isEmpty()) {
            return new rf(2, "No OCSP responders are configured.", pj.cO);
        }
        ArrayList arrayList2 = new ArrayList();
        List<OCSPResponderConfig> list = this.f22144f;
        if (list != null) {
            arrayList2.addAll(list);
        }
        for (String str : linkedHashSet) {
            OCSPResponderConfig a12 = a(str, pzVar, arrayList2);
            qk qkVar = new qk(this.f22148w, this.f22149x, x509Certificate, pzVar.b(), a12);
            ql.a a13 = a(qkVar, a12, pzVar, date);
            if (a13 == null) {
                byte[] a14 = a(qkVar, str, a12.getOCSPProxy());
                if (a14 == null) {
                    continue;
                } else {
                    ql qlVar = new ql(this.f22148w, this.f22149x, a14);
                    arrayList = arrayList2;
                    i10 = i12;
                    if (a(qkVar, qlVar, a12, pzVar, date)) {
                        ql.a b10 = qlVar.b(qkVar.b());
                        a(b10, qkVar, a14);
                        a13 = b10;
                    }
                    i12 = i10;
                    arrayList2 = arrayList;
                }
            } else {
                arrayList = arrayList2;
                i10 = i12;
            }
            int f10 = a13.f();
            if (f10 == 0) {
                return new rf(0, null, pj.cO);
            }
            if (f10 == 1) {
                return new rf(1, "Certificate revoked on " + a13.e() + " for reason: " + po.f22007e.get(a13.c()), pj.cO);
            }
            if (f10 == i10) {
                this.f22147v = re.f22231k;
                return new rf(i10, re.f22231k, pj.cO);
            }
            i12 = i10;
            arrayList2 = arrayList;
        }
        int i13 = i12;
        if (this.f22147v == null) {
            this.f22147v = "No valid OCSP Responder URLs specified.";
        }
        return new rf(i13, "Could not determine revocation status: " + this.f22147v, pj.cO);
    }

    public String a() {
        return this.f22147v;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1 */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r0v3 */
    /* JADX WARN: Type inference failed for: r0v4 */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r10v1 */
    /* JADX WARN: Type inference failed for: r10v14, types: [java.io.OutputStream] */
    /* JADX WARN: Type inference failed for: r10v4, types: [java.io.OutputStream] */
    public byte[] a(qk qkVar, String str, String str2) {
        InputStream inputStream;
        OutputStream outputStream;
        InputStream inputStream2;
        OutputStream outputStream2;
        URL url;
        ?? r02 = 0;
        r02 = 0;
        try {
            try {
                byte[] a10 = qkVar.a();
                if (str2 != 0) {
                    URL url2 = new URL(str2);
                    url = new URL(url2.getProtocol(), url2.getHost(), url2.getPort(), str);
                } else {
                    url = new URL(str);
                }
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                if (cq.D() != 0) {
                    httpURLConnection.setConnectTimeout(cq.D());
                }
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setRequestMethod(s0.f62810n);
                httpURLConnection.setRequestProperty(f22142d, f22141c);
                httpURLConnection.setRequestProperty(f22140b, String.valueOf(a10.length));
                str2 = httpURLConnection.getOutputStream();
                try {
                    str2.write(a10);
                    str2.flush();
                    str2.close();
                    if (httpURLConnection.getResponseCode() != 200) {
                        this.f22147v = "HTTP response code was " + httpURLConnection.getResponseCode();
                        try {
                            str2.close();
                        } catch (IOException unused) {
                        }
                        return null;
                    }
                    InputStream inputStream3 = httpURLConnection.getInputStream();
                    try {
                        int contentLength = httpURLConnection.getContentLength();
                        int i10 = 0;
                        if (contentLength != -1) {
                            byte[] bArr = new byte[contentLength];
                            int i11 = 0;
                            while (i10 != -1 && i11 < contentLength) {
                                i10 = inputStream3.read(bArr, i11, contentLength - i11);
                                i11 += i10;
                            }
                            if (inputStream3 != null) {
                                try {
                                    inputStream3.close();
                                } catch (IOException unused2) {
                                }
                            }
                            try {
                                str2.close();
                            } catch (IOException unused3) {
                            }
                            return bArr;
                        }
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        byte[] bArr2 = new byte[1000];
                        while (true) {
                            int read = inputStream3.read(bArr2, 0, 1000);
                            if (read == -1) {
                                break;
                            }
                            byteArrayOutputStream.write(bArr2, 0, read);
                        }
                        du.a.a(bArr2);
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        try {
                            inputStream3.close();
                        } catch (IOException unused4) {
                        }
                        try {
                            str2.close();
                        } catch (IOException unused5) {
                        }
                        return byteArray;
                    } catch (IOException e10) {
                        inputStream2 = inputStream3;
                        e = e10;
                        outputStream2 = str2;
                        this.f22147v = e.getMessage();
                        if (inputStream2 != null) {
                            try {
                                inputStream2.close();
                            } catch (IOException unused6) {
                            }
                        }
                        if (outputStream2 != null) {
                            try {
                                outputStream2.close();
                            } catch (IOException unused7) {
                            }
                        }
                        return null;
                    } catch (CertPathValidatorException e11) {
                        inputStream = inputStream3;
                        e = e11;
                        outputStream = str2;
                        this.f22147v = e.getMessage();
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException unused8) {
                            }
                        }
                        if (outputStream != null) {
                            try {
                                outputStream.close();
                            } catch (IOException unused9) {
                            }
                        }
                        return null;
                    } catch (Throwable th2) {
                        r02 = inputStream3;
                        th = th2;
                        if (r02 != 0) {
                            try {
                                r02.close();
                            } catch (IOException unused10) {
                            }
                        }
                        if (str2 == 0) {
                            throw th;
                        }
                        try {
                            str2.close();
                            throw th;
                        } catch (IOException unused11) {
                            throw th;
                        }
                    }
                } catch (IOException e12) {
                    e = e12;
                    inputStream2 = null;
                    outputStream2 = str2;
                } catch (CertPathValidatorException e13) {
                    e = e13;
                    inputStream = null;
                    outputStream = str2;
                } catch (Throwable th3) {
                    th = th3;
                }
            } catch (Throwable th4) {
                th = th4;
                r02 = str;
            }
        } catch (IOException e14) {
            e = e14;
            inputStream2 = null;
            outputStream2 = null;
        } catch (CertPathValidatorException e15) {
            e = e15;
            inputStream = null;
            outputStream = null;
        } catch (Throwable th5) {
            th = th5;
            str2 = 0;
        }
    }
}
