package km;

import android.content.Context;
import android.net.TrafficStats;
import android.os.Build;
import android.security.NetworkSecurityPolicy;
import com.adjust.sdk.Constants;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.l;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.l0;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.m;
import com.nttdocomo.android.ocsplib.bouncycastle.asn1.o0;
import com.nttdocomo.android.ocsplib.exception.OcspParameterException;
import com.nttdocomo.android.ocsplib.exception.OcspRequestException;
import com.nttdocomo.android.ocsplib.exception.OcspResponseException;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import jp.fluct.mediation.gma.internal.FluctMediationUtils;
import wm.f;
import wm.h;

/* compiled from: OcspUtil.java */
/* loaded from: classes3.dex */
public class e {

    /* renamed from: a, reason: collision with root package name */
    private static final String f70774a = n(System.getProperty("http.agent", "ocsp client"));

    /* renamed from: b, reason: collision with root package name */
    private static final String f70775b;

    /* renamed from: c, reason: collision with root package name */
    private static int f70776c;

    /* renamed from: d, reason: collision with root package name */
    private static int f70777d;

    /* renamed from: e, reason: collision with root package name */
    private static HashMap<String, String> f70778e;

    /* renamed from: f, reason: collision with root package name */
    private static KeyStore f70779f;

    /* renamed from: g, reason: collision with root package name */
    private static final Object f70780g;

    /* renamed from: h, reason: collision with root package name */
    private static final Object f70781h;

    static {
        f70775b = Build.VERSION.SDK_INT < 28 ? "BC" : null;
        f70776c = 5000;
        f70777d = 5000;
        f70778e = null;
        f70779f = null;
        f70780g = new Object();
        f70781h = new Object();
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x002c, code lost:
    
        if (r9.d(new dn.a().i(km.e.f70775b).d(r10)) != false) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static int a(an.f r9, java.security.PublicKey r10, java.lang.String r11, java.lang.String r12) throws com.nttdocomo.android.ocsplib.exception.OcspResponseException {
        /*
            Method dump skipped, instructions count: 481
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: km.e.a(an.f, java.security.PublicKey, java.lang.String, java.lang.String):int");
    }

    private static void b() {
        TrafficStats.clearThreadStatsTag();
    }

    private static void c() {
        synchronized (f70780g) {
            if (f70778e == null) {
                f70778e = new HashMap<>();
                try {
                    try {
                        try {
                            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                            f70779f = keyStore;
                            keyStore.load(null, null);
                            Enumeration<String> aliases = f70779f.aliases();
                            d.a("Load root certificate list ...");
                            while (aliases.hasMoreElements()) {
                                String nextElement = aliases.nextElement();
                                String replaceAll = ((X509Certificate) f70779f.getCertificate(nextElement)).getSubjectX500Principal().getName().replaceAll("[^\\\\], +", FluctMediationUtils.SERVER_PARAMETER_DELIMITER);
                                f70778e.put(replaceAll, nextElement);
                                d.a("  " + replaceAll);
                            }
                        } catch (IOException e11) {
                            d.a("Failed to get root certificate. IOException : " + e11.getMessage());
                            f70778e = null;
                        }
                    } catch (NoSuchAlgorithmException e12) {
                        d.a("Failed to get root certificate. NoSuchAlgorithmException : " + e12.getMessage());
                        f70778e = null;
                    }
                } catch (KeyStoreException e13) {
                    d.a("Failed to get root certificate. KeyStoreException : " + e13.getMessage());
                    f70778e = null;
                } catch (CertificateException e14) {
                    d.a("Failed to get root certificate. CertificateException : " + e14.getMessage());
                    f70778e = null;
                }
            }
        }
    }

    private static an.d d(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws OcspRequestException {
        try {
            an.e eVar = new an.e();
            eVar.a(new an.b(new zm.b(MessageDigest.getInstance("SHA1")), new ym.a(x509Certificate2.getEncoded()), x509Certificate.getSerialNumber()));
            return eVar.b();
        } catch (Exception e11) {
            d.a("Failed to generate OCSP request. " + e11.getMessage());
            throw new OcspRequestException("Failed to generate OCSP request. ", e11);
        }
    }

    private static String e(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(f.A.B());
        if (extensionValue == null) {
            d.a("Certificate doesn't have authority information access points.");
            return null;
        }
        try {
            for (wm.a aVar : wm.c.q(m.y(l.t(((o0) new com.nttdocomo.android.ocsplib.bouncycastle.asn1.f(extensionValue).m()).z()))).p()) {
                h p11 = aVar.p();
                if (p11.s() == 6 && wm.l.f87257s.B().equals(aVar.q().B())) {
                    return l0.y(p11.q()).g();
                }
            }
            d.a("Cannot find OCSP responder URL from certificate.");
            return null;
        } catch (IOException unused) {
            d.a("Cannot read authority information access points.");
            return null;
        }
    }

    private static X509Certificate f(X509Certificate x509Certificate) {
        String replaceAll = x509Certificate.getIssuerX500Principal().getName().replaceAll("[^\\\\], +", FluctMediationUtils.SERVER_PARAMETER_DELIMITER);
        c();
        HashMap<String, String> hashMap = f70778e;
        if (hashMap != null && f70779f != null) {
            try {
                String str = hashMap.get(replaceAll);
                if (str != null) {
                    return (X509Certificate) f70779f.getCertificate(str);
                }
            } catch (KeyStoreException e11) {
                d.a("Failed to get root certificate. KeyStoreException : " + e11.getMessage());
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:19:0x008c  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0091  */
    /* JADX WARN: Type inference failed for: r5v0, types: [java.net.URL] */
    /* JADX WARN: Type inference failed for: r5v2 */
    /* JADX WARN: Type inference failed for: r5v5, types: [java.net.HttpURLConnection] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.cert.Certificate[] g(java.net.URL r5) throws com.nttdocomo.android.ocsplib.exception.OcspRequestException {
        /*
            boolean r0 = m()
            r1 = 0
            java.net.URLConnection r5 = r5.openConnection()     // Catch: java.lang.Throwable -> L60 java.io.IOException -> L65
            javax.net.ssl.HttpsURLConnection r5 = (javax.net.ssl.HttpsURLConnection) r5     // Catch: java.lang.Throwable -> L60 java.io.IOException -> L65
            r1 = 0
            r5.setInstanceFollowRedirects(r1)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            int r1 = km.e.f70776c     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r5.setConnectTimeout(r1)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r1.<init>()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.lang.String r2 = "Get server certificates connect timeout : "
            r1.append(r2)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            int r2 = r5.getConnectTimeout()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r1.append(r2)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.lang.String r1 = r1.toString()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            km.d.a(r1)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            int r1 = km.e.f70777d     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r5.setReadTimeout(r1)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r1.<init>()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.lang.String r2 = "Get server certificates read timeout : "
            r1.append(r2)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            int r2 = r5.getReadTimeout()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r1.append(r2)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.lang.String r1 = r1.toString()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            km.d.a(r1)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.lang.String r1 = "Connect to server to get certificates. (HttpsURLConnection)"
            km.d.a(r1)     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r5.connect()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            java.security.cert.Certificate[] r1 = r5.getServerCertificates()     // Catch: java.io.IOException -> L5e java.lang.Throwable -> L89
            r5.disconnect()
            if (r0 == 0) goto L5d
            b()
        L5d:
            return r1
        L5e:
            r1 = move-exception
            goto L69
        L60:
            r5 = move-exception
            r4 = r1
            r1 = r5
            r5 = r4
            goto L8a
        L65:
            r5 = move-exception
            r4 = r1
            r1 = r5
            r5 = r4
        L69:
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L89
            r2.<init>()     // Catch: java.lang.Throwable -> L89
            java.lang.String r3 = "Failed to get server certificates. "
            r2.append(r3)     // Catch: java.lang.Throwable -> L89
            java.lang.String r3 = r1.getMessage()     // Catch: java.lang.Throwable -> L89
            r2.append(r3)     // Catch: java.lang.Throwable -> L89
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L89
            km.d.a(r2)     // Catch: java.lang.Throwable -> L89
            com.nttdocomo.android.ocsplib.exception.OcspRequestException r2 = new com.nttdocomo.android.ocsplib.exception.OcspRequestException     // Catch: java.lang.Throwable -> L89
            java.lang.String r3 = "Failed to get server certificates."
            r2.<init>(r3, r1)     // Catch: java.lang.Throwable -> L89
            throw r2     // Catch: java.lang.Throwable -> L89
        L89:
            r1 = move-exception
        L8a:
            if (r5 == 0) goto L8f
            r5.disconnect()
        L8f:
            if (r0 == 0) goto L94
            b()
        L94:
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: km.e.g(java.net.URL):java.security.cert.Certificate[]");
    }

    static List<X509Certificate> h(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            arrayList.add(x509Certificate);
            X509Certificate f11 = f(x509Certificate);
            if (f11 != null) {
                d.a("Root certificate found. DN : " + f11.getSubjectX500Principal().getName());
                arrayList.add(f11);
                return arrayList;
            }
        }
        return null;
    }

    public static void i(Context context) throws OcspParameterException {
        d.a("init() start");
        if (j()) {
            d.a("Already initialized.");
            d.a("init() end");
        } else {
            if (context == null) {
                d.a("Failed to initialize library.");
                throw new OcspParameterException("Failed to initialize library.");
            }
            a.f(context.getCacheDir());
            d.a("init() end");
        }
    }

    static boolean j() {
        return a.g();
    }

    private static an.f k(an.d dVar, String str) throws OcspRequestException {
        int i11 = 0;
        Socket socket = null;
        boolean z11 = false;
        while (i11 < 20) {
            try {
                try {
                    URL url = new URL(str);
                    if (!NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted() && !Constants.SCHEME.equals(url.getProtocol())) {
                        d.a("OCSP request send by socket");
                        int port = url.getPort();
                        String path = url.getPath();
                        if (port == -1) {
                            port = 80;
                        }
                        if (path == null || path.equals("")) {
                            path = "/";
                        }
                        z11 = m();
                        InetSocketAddress inetSocketAddress = new InetSocketAddress(url.getHost(), port);
                        Socket socket2 = new Socket();
                        try {
                            socket2.connect(inetSocketAddress, f70776c);
                            socket2.setSoTimeout(f70777d);
                            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(socket2.getOutputStream()));
                            DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(socket2.getInputStream()));
                            dataOutputStream.writeBytes("POST " + path + " HTTP/1.1\r\n");
                            dataOutputStream.writeBytes("Content-Type: application/ocsp-request\r\n");
                            dataOutputStream.writeBytes("Accept: application/ocsp-response\r\n");
                            dataOutputStream.writeBytes("Content-Length: " + dVar.a().length + "\r\n");
                            dataOutputStream.writeBytes("User-Agent: " + f70774a + "\r\n");
                            dataOutputStream.writeBytes("Host: " + url.getHost() + "\r\n");
                            dataOutputStream.writeBytes("\r\n");
                            dataOutputStream.write(dVar.a());
                            dataOutputStream.flush();
                            c cVar = new c(dataInputStream);
                            dataOutputStream.close();
                            dataInputStream.close();
                            socket2.close();
                            int c11 = cVar.c();
                            if (c11 == 200) {
                                an.f fVar = new an.f(cVar.a());
                                try {
                                    socket2.close();
                                } catch (IOException e11) {
                                    d.a("Failed to socket close. " + e11.getMessage());
                                }
                                if (z11) {
                                    b();
                                }
                                return fVar;
                            }
                            switch (c11) {
                                case 300:
                                case 301:
                                case 302:
                                case 303:
                                    String b11 = cVar.b();
                                    if (b11 == null) {
                                        d.a("Failed to send OCSP request. response code : " + cVar.c());
                                        throw new OcspRequestException("Failed to send OCSP request. response code : " + cVar.c());
                                    }
                                    i11++;
                                    socket = socket2;
                                    str = b11;
                                default:
                                    d.a("Failed to send OCSP request. response code : " + cVar.c());
                                    throw new OcspRequestException("Failed to send OCSP request. response code : " + cVar.c());
                            }
                        } catch (IOException e12) {
                            e = e12;
                            d.a("Failed to send OCSP request. " + e.getMessage());
                            throw new OcspRequestException("Failed to send OCSP request.", e);
                        } catch (Throwable th2) {
                            th = th2;
                            socket = socket2;
                            if (socket != null) {
                                try {
                                    socket.close();
                                } catch (IOException e13) {
                                    d.a("Failed to socket close. " + e13.getMessage());
                                }
                            }
                            if (!z11) {
                                throw th;
                            }
                            b();
                            throw th;
                        }
                    }
                    d.a("OCSP request send by HttpURLConnection");
                    an.f l11 = l(dVar, str);
                    if (socket != null) {
                        try {
                            socket.close();
                        } catch (IOException e14) {
                            d.a("Failed to socket close. " + e14.getMessage());
                        }
                    }
                    if (z11) {
                        b();
                    }
                    return l11;
                } catch (IOException e15) {
                    e = e15;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        }
        d.a("Dreirect count limit over");
        throw new OcspRequestException("Failed to send OCSP request. Dreirect count limit over");
    }

    private static an.f l(an.d dVar, String str) throws OcspRequestException {
        HttpURLConnection httpURLConnection;
        boolean m11 = m();
        HttpURLConnection httpURLConnection2 = null;
        try {
            try {
                httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            } catch (IOException e11) {
                e = e11;
            }
        } catch (Throwable th2) {
            th = th2;
        }
        try {
            httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
            httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setConnectTimeout(f70776c);
            d.a("OCSP request connect timeout : " + httpURLConnection.getConnectTimeout());
            httpURLConnection.setReadTimeout(f70777d);
            d.a("OCSP request read timeout : " + httpURLConnection.getReadTimeout());
            d.a("Send OCSP request.");
            DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()));
            dataOutputStream.write(dVar.a());
            dataOutputStream.flush();
            dataOutputStream.close();
            d.a("OCSP response responseCode : " + httpURLConnection.getResponseCode());
            d.a("OCSP response Content-Length : " + httpURLConnection.getContentLength());
            d.a("OCSP response Content-Type : " + httpURLConnection.getContentType());
            if (httpURLConnection.getResponseCode() != 200) {
                d.a("Failed to send OCSP request. response code : " + httpURLConnection.getResponseCode());
                throw new OcspRequestException("Failed to send OCSP request. response code : " + httpURLConnection.getResponseCode());
            }
            InputStream inputStream = httpURLConnection.getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                byte[] bArr = new byte[4096];
                int read = inputStream.read(bArr);
                if (read < 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            inputStream.close();
            an.f fVar = new an.f(byteArrayOutputStream.toByteArray());
            d.a("OCSP response status : " + fVar.b());
            httpURLConnection.disconnect();
            if (m11) {
                b();
            }
            return fVar;
        } catch (IOException e12) {
            e = e12;
            httpURLConnection2 = httpURLConnection;
            d.a("Failed to send OCSP request. " + e.getMessage());
            throw new OcspRequestException("Failed to send OCSP request.", e);
        } catch (Throwable th3) {
            th = th3;
            httpURLConnection2 = httpURLConnection;
            if (httpURLConnection2 != null) {
                httpURLConnection2.disconnect();
            }
            if (m11) {
                b();
            }
            throw th;
        }
    }

    private static boolean m() {
        if (TrafficStats.getThreadStatsTag() != -1) {
            return false;
        }
        TrafficStats.setThreadStatsTag(0);
        return true;
    }

    private static String n(String str) {
        int length = str.length();
        int i11 = 0;
        while (i11 < length) {
            int codePointAt = str.codePointAt(i11);
            if (codePointAt <= 31 || codePointAt >= 127) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append((CharSequence) str, 0, i11);
                while (i11 < length) {
                    int codePointAt2 = str.codePointAt(i11);
                    sb2.appendCodePoint((codePointAt2 <= 31 || codePointAt2 >= 127) ? 63 : codePointAt2);
                    i11 += Character.charCount(codePointAt2);
                }
                return sb2.toString();
            }
            i11 += Character.charCount(codePointAt);
        }
        return str;
    }

    @Deprecated
    public static int o(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z11) throws OcspParameterException, OcspRequestException, OcspResponseException {
        d.a("verifyCert() start");
        d.a("Issuer : " + x509Certificate2.getSubjectX500Principal().getName());
        d.a("Target : " + x509Certificate.getSubjectX500Principal().getName());
        d.a("Target serial : " + x509Certificate.getSerialNumber().toString(16));
        d.a("useCache : " + z11);
        if (!j()) {
            d.a("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        String c11 = a.c(x509Certificate);
        if (z11 && c11 != null) {
            int i11 = a.i(c11);
            if (i11 == 0) {
                d.a("verifyCert() end");
                return 0;
            }
            if (i11 == 1) {
                d.a("verifyCert() end");
                return 1;
            }
            d.a("No valid cache found.");
        }
        String e11 = e(x509Certificate);
        if (e11 == null) {
            d.a("No OCSP responder URL. Skip verify.");
            d.a("verifyCert() end");
            return 0;
        }
        d.a("OCSP responder URL : " + e11);
        int a11 = a(k(d(x509Certificate, x509Certificate2), e11), x509Certificate2.getPublicKey(), x509Certificate.getSerialNumber().toString(16), c11);
        d.a("verifyCert() end");
        return a11;
    }

    public static int p(Certificate[] certificateArr, String str, boolean z11) throws OcspParameterException, OcspRequestException, OcspResponseException {
        d.a("verifyCert(chain) start");
        d.a("useCache : " + z11);
        if (!j()) {
            d.a("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        if (certificateArr == null || certificateArr.length == 0) {
            d.a("Certificate chain is null or length 0.");
            throw new OcspParameterException("Certificate chain is null or length 0.");
        }
        List<X509Certificate> h11 = h(certificateArr);
        if (h11 == null) {
            d.a("Failed to generate certificate chain.");
            return 2;
        }
        int i11 = 0;
        int i12 = 0;
        while (i11 < h11.size() - 1 && i12 == 0) {
            X509Certificate x509Certificate = h11.get(i11);
            i11++;
            i12 = o(x509Certificate, h11.get(i11), z11);
        }
        d.a("verifyCert(chain) end");
        return i12;
    }

    public static int q(String str, boolean z11) throws OcspParameterException, OcspRequestException, OcspResponseException {
        d.a("verifyUrl() start");
        d.a("Target URL : " + str);
        d.a("useCache : " + z11);
        if (!j()) {
            d.a("OcspUtil has not been initialized.");
            throw new OcspParameterException("OcspUtil has not been initialized.");
        }
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals(Constants.SCHEME)) {
                d.a("Target protocol is " + url.getProtocol() + ". Skip verify.");
                return 0;
            }
            try {
                Certificate[] g11 = g(url);
                if (g11 == null || g11.length == 0) {
                    d.a("Failed to get server certificates. (chain is null or length 0)");
                    throw new OcspRequestException("Failed to get server certificates. (chain is null or length 0)");
                }
                int p11 = p(g11, url.getHost(), z11);
                d.a("verifyUrl() end");
                return p11;
            } catch (OcspRequestException e11) {
                if (!b.a(e11, CertificateRevokedException.class)) {
                    throw e11;
                }
                d.a("CertificateRevokedException. " + e11.getMessage());
                return 1;
            }
        } catch (MalformedURLException e12) {
            d.a("URL is malformed. " + e12.getMessage());
            throw new OcspParameterException("URL is malformed.", e12);
        }
    }
}
