package com.rsa.cryptoj.o;

import com.rsa.crypto.ParamNames;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class px {

    /* renamed from: a, reason: collision with root package name */
    private String f7365a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f7366b;

    /* renamed from: c, reason: collision with root package name */
    private byte[] f7367c;

    /* renamed from: d, reason: collision with root package name */
    private oi f7368d;

    /* renamed from: e, reason: collision with root package name */
    private byte[] f7369e;

    /* renamed from: g, reason: collision with root package name */
    private X500Principal f7371g;

    /* renamed from: h, reason: collision with root package name */
    private byte[] f7372h;

    /* renamed from: j, reason: collision with root package name */
    private byte[] f7374j;

    /* renamed from: k, reason: collision with root package name */
    private final cf f7375k;

    /* renamed from: l, reason: collision with root package name */
    private final List<ca> f7376l;

    /* renamed from: f, reason: collision with root package name */
    private final List<X509Certificate> f7370f = new ArrayList();

    /* renamed from: i, reason: collision with root package name */
    private final List<a> f7373i = new ArrayList();

    /* loaded from: classes.dex */
    public class a {

        /* renamed from: b, reason: collision with root package name */
        private final byte[] f7378b;

        /* renamed from: c, reason: collision with root package name */
        private final oi f7379c;

        /* renamed from: d, reason: collision with root package name */
        private final int f7380d;

        /* renamed from: e, reason: collision with root package name */
        private final Date f7381e;

        /* renamed from: f, reason: collision with root package name */
        private Date f7382f;

        /* renamed from: g, reason: collision with root package name */
        private Date f7383g;

        /* renamed from: h, reason: collision with root package name */
        private int f7384h;

        public a(d dVar, Date date, int i3, Date date2, Date date3, d dVar2) {
            this.f7384h = -1;
            this.f7378b = com.rsa.cryptoj.o.a.c(dVar);
            this.f7379c = new oi(dVar.a("hashAlgorithm"));
            this.f7383g = date;
            this.f7381e = (Date) date2.clone();
            if (date3 != null) {
                this.f7382f = (Date) date3.clone();
            }
            this.f7380d = 1;
            this.f7384h = i3;
            a(dVar2);
        }

        public a(d dVar, Date date, Date date2, boolean z3, d dVar2) {
            this.f7384h = -1;
            this.f7378b = com.rsa.cryptoj.o.a.c(dVar);
            this.f7379c = new oi(dVar.a("hashAlgorithm"));
            this.f7381e = (Date) date.clone();
            if (date2 != null) {
                this.f7382f = (Date) date2.clone();
            }
            this.f7380d = z3 ? 2 : 0;
            a(dVar2);
        }

        private void a(d dVar) {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date a() {
            return (Date) this.f7381e.clone();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date b() {
            Date date = this.f7382f;
            if (date == null) {
                return null;
            }
            return (Date) date.clone();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int c() {
            return this.f7384h;
        }

        oi d() {
            return this.f7379c;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Date e() {
            return (Date) this.f7383g.clone();
        }

        public int f() {
            return this.f7380d;
        }
    }

    public px(cf cfVar, List<ca> list, byte[] bArr) {
        this.f7375k = cfVar;
        this.f7376l = list;
        try {
            d a4 = com.rsa.cryptoj.o.a.a("OCSPResponse", bArr, 0);
            int i3 = ((r) a4.a("responseStatus")).i();
            if (i3 != 0) {
                this.f7365a = "OCSP response status was not successful (" + i3 + ")";
                return;
            }
            d a5 = a4.a("responseBytes");
            if (a5 == null) {
                this.f7365a = "OCSP response did not not contain status information.";
                return;
            }
            if (!a5.a("responseType").equals(ov.dw.c())) {
                this.f7365a = "Only basic OCSP responders are supported";
                return;
            }
            ByteBuffer i4 = ((ad) a5.a("response")).i();
            d a6 = com.rsa.cryptoj.o.a.a("BasicOCSPResponse", i4);
            if (a(a6.a("tbsResponseData"))) {
                this.f7368d = new oi(a6.a("signatureAlgorithm"));
                this.f7369e = ((k) a6.a("signature")).g();
                d a7 = a6.a("certs");
                int c4 = a7 == null ? 0 : a7.c();
                i4.rewind();
                com.rsa.cryptoj.o.a.c(i4);
                this.f7367c = ((f) com.rsa.cryptoj.o.a.a((c) e.f5780a, i4)).h();
                com.rsa.cryptoj.o.a.a(i4);
                com.rsa.cryptoj.o.a.a(i4);
                if (i4.remaining() > 0) {
                    com.rsa.cryptoj.o.a.c(i4);
                    com.rsa.cryptoj.o.a.c(i4);
                    for (int i5 = 0; i5 < c4; i5++) {
                        try {
                            this.f7370f.add(pm.a(cfVar, list, com.rsa.cryptoj.o.a.a(i4)));
                        } catch (CertificateException unused) {
                            this.f7365a = "Error reading certificates.";
                            return;
                        }
                    }
                }
                this.f7366b = true;
            }
        } catch (b unused2) {
            this.f7365a = "Invalid OCSP response.";
        }
    }

    private boolean a(d dVar) {
        d a4 = dVar.a(ParamNames.VERSION);
        if (a4 != null && ((v) a4).i() != 0) {
            this.f7365a = "Only OCSP version 1 is supported.";
            return false;
        }
        d a5 = dVar.a("responderID");
        if (com.rsa.cryptoj.o.a.f(a5.b().c()) == 1) {
            ByteBuffer wrap = ByteBuffer.wrap(com.rsa.cryptoj.o.a.a(a5));
            com.rsa.cryptoj.o.a.c(wrap);
            byte[] bArr = new byte[wrap.remaining()];
            wrap.get(bArr);
            this.f7371g = new X500Principal(bArr);
        } else {
            this.f7372h = ((ad) a5).h();
        }
        d a6 = dVar.a("responses");
        for (int i3 = 0; i3 < a6.c(); i3++) {
            if (!c(a6.a(i3))) {
                return false;
            }
        }
        b(dVar.a("responseExtensions"));
        return true;
    }

    private void b(d dVar) {
        if (dVar == null) {
            return;
        }
        this.f7374j = new pd(dVar, 4).a(ov.de.toString());
    }

    private boolean c(d dVar) {
        a aVar;
        d a4 = dVar.a("certStatus");
        int f3 = com.rsa.cryptoj.o.a.f(a4.b().e());
        Date g3 = ((aq) dVar.a("thisUpdate")).g();
        Date date = dVar.a("nextUpdate") == null ? new Date(g3.getTime() + qp.a()) : ((aq) dVar.a("nextUpdate")).g();
        if (f3 == 1) {
            r rVar = (r) a4.a("revocationReason");
            aVar = new a(dVar.a("certID"), ((aq) a4.a("revocationTime")).g(), rVar == null ? 0 : rVar.i(), g3, date, dVar.a("singleExtensions"));
        } else {
            aVar = new a(dVar.a("certID"), g3, date, f3 == 2, dVar.a("singleExtensions"));
        }
        if (aVar.d().d().a()) {
            this.f7365a = "OCSP response uses unsupported message digest algorithm.";
            return false;
        }
        this.f7373i.add(aVar);
        return true;
    }

    public a a(X509Certificate x509Certificate, PublicKey publicKey) throws InvalidAlgorithmParameterException {
        for (a aVar : this.f7373i) {
            if (Arrays.equals(qa.a(this.f7375k, this.f7376l, aVar.d().c(), x509Certificate, publicKey), aVar.f7378b)) {
                return aVar;
            }
        }
        return null;
    }

    public X500Principal a() {
        return this.f7371g;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(pl plVar) {
        if (plVar.d() != null) {
            return a(plVar.d());
        }
        X500Principal x500Principal = this.f7371g;
        return x500Principal != null ? x500Principal.equals(plVar.c()) : Arrays.equals(this.f7372h, qa.a(plVar.b(), false, this.f7375k, this.f7376l)) || Arrays.equals(this.f7372h, qa.a(plVar.b(), this.f7375k, this.f7376l));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(PublicKey publicKey) {
        try {
            oe c4 = ke.c(this.f7368d.c(), this.f7375k, this.f7376l);
            c4.initVerify(publicKey);
            c4.update(this.f7367c);
            return c4.verify(this.f7369e);
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(X509Certificate x509Certificate) {
        X500Principal x500Principal = this.f7371g;
        return x500Principal != null ? x500Principal.equals(x509Certificate.getSubjectX500Principal()) : Arrays.equals(this.f7372h, qa.a(x509Certificate.getPublicKey(), false, this.f7375k, this.f7376l)) || Arrays.equals(this.f7372h, qa.a(x509Certificate.getPublicKey(), this.f7375k, this.f7376l));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(byte[] bArr) {
        if ((bArr == null && this.f7374j == null) || bArr == null) {
            return true;
        }
        if (this.f7374j == null) {
            return false;
        }
        return Arrays.equals(this.f7374j, com.rsa.cryptoj.o.a.a(com.rsa.cryptoj.o.a.a((c) ac.f5310a, (Object) bArr)));
    }

    public a b(byte[] bArr) {
        for (a aVar : this.f7373i) {
            if (Arrays.equals(bArr, aVar.f7378b)) {
                return aVar;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<X509Certificate> b() {
        return this.f7370f;
    }

    public boolean c() {
        return this.f7366b;
    }

    public String d() {
        return this.f7365a;
    }
}
