package org.bouncycastle.jce.provider;

import a3.s0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import k0.f;
import pa.d;
import pa.i;
import ra.n;
import x9.a0;
import x9.g;
import x9.h1;
import x9.j1;
import x9.p;
import x9.s;
import x9.u;
import x9.v;
import xa.d0;
import xb.l;
import ya.k;

/* loaded from: classes.dex */
public final class b implements l {

    /* renamed from: x1, reason: collision with root package name */
    public static final HashMap f8199x1;
    public final c X;
    public final lc.b Y;
    public f Z;

    /* renamed from: x0, reason: collision with root package name */
    public boolean f8200x0;

    /* renamed from: y0, reason: collision with root package name */
    public String f8201y0;

    static {
        HashMap hashMap = new HashMap();
        f8199x1 = hashMap;
        hashMap.put(new u("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        hashMap.put(n.x, "SHA224WITHRSA");
        hashMap.put(n.f8821u, "SHA256WITHRSA");
        hashMap.put(n.f8823v, "SHA384WITHRSA");
        hashMap.put(n.f8824w, "SHA512WITHRSA");
        hashMap.put(da.a.f4021k, "GOST3411WITHGOST3410");
        hashMap.put(da.a.f4022l, "GOST3411WITHECGOST3410");
        hashMap.put(sa.a.f9120e, "GOST3411-2012-256WITHECGOST3410-2012-256");
        hashMap.put(sa.a.f9121f, "GOST3411-2012-512WITHECGOST3410-2012-512");
        hashMap.put(tb.a.f9365a, "SHA1WITHPLAIN-ECDSA");
        hashMap.put(tb.a.f9366b, "SHA224WITHPLAIN-ECDSA");
        hashMap.put(tb.a.f9367c, "SHA256WITHPLAIN-ECDSA");
        hashMap.put(tb.a.d, "SHA384WITHPLAIN-ECDSA");
        hashMap.put(tb.a.f9368e, "SHA512WITHPLAIN-ECDSA");
        hashMap.put(tb.a.f9369f, "RIPEMD160WITHPLAIN-ECDSA");
        hashMap.put(vb.a.f10081a, "SHA1WITHCVC-ECDSA");
        hashMap.put(vb.a.f10082b, "SHA224WITHCVC-ECDSA");
        hashMap.put(vb.a.f10083c, "SHA256WITHCVC-ECDSA");
        hashMap.put(vb.a.d, "SHA384WITHCVC-ECDSA");
        hashMap.put(vb.a.f10084e, "SHA512WITHCVC-ECDSA");
        hashMap.put(ja.a.f6459a, "XMSS");
        hashMap.put(ja.a.f6460b, "XMSSMT");
        hashMap.put(new u("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        hashMap.put(new u("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        hashMap.put(new u("1.2.840.10040.4.3"), "SHA1WITHDSA");
        hashMap.put(k.Q0, "SHA1WITHECDSA");
        hashMap.put(k.T0, "SHA224WITHECDSA");
        hashMap.put(k.U0, "SHA256WITHECDSA");
        hashMap.put(k.V0, "SHA384WITHECDSA");
        hashMap.put(k.W0, "SHA512WITHECDSA");
        hashMap.put(qa.a.f8549h, "SHA1WITHRSA");
        hashMap.put(qa.a.f8548g, "SHA1WITHDSA");
        hashMap.put(na.b.R, "SHA224WITHDSA");
        hashMap.put(na.b.S, "SHA256WITHDSA");
    }

    public b(c cVar, lc.a aVar) {
        this.X = cVar;
        this.Y = aVar;
    }

    public static byte[] b(MessageDigest messageDigest, PublicKey publicKey) {
        return messageDigest.digest(d0.p(publicKey.getEncoded()).Y.E());
    }

    public static String e(xa.b bVar) {
        g gVar = bVar.Y;
        if (gVar == null || h1.Y.v(gVar) || !bVar.X.w(n.f8819t)) {
            HashMap hashMap = f8199x1;
            return hashMap.containsKey(bVar.X) ? (String) hashMap.get(bVar.X) : bVar.X.X;
        }
        ra.u p10 = ra.u.p(gVar);
        StringBuilder sb2 = new StringBuilder();
        String a10 = lc.c.a(p10.X.X);
        int indexOf = a10.indexOf(45);
        if (indexOf > 0 && !a10.startsWith("SHA3")) {
            a10 = a10.substring(0, indexOf) + a10.substring(indexOf + 1);
        }
        return ac.b.p(sb2, a10, "WITHRSAANDMGF1");
    }

    public static X509Certificate f(pa.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2, lc.b bVar) {
        s sVar = aVar.X.Z.X;
        byte[] bArr = sVar instanceof v ? ((v) sVar).X : null;
        if (bArr != null) {
            MessageDigest f10 = bVar.f("SHA1");
            if (x509Certificate2 != null && Arrays.equals(bArr, b(f10, x509Certificate2.getPublicKey()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && Arrays.equals(bArr, b(f10, x509Certificate.getPublicKey()))) {
                return x509Certificate;
            }
        } else {
            wa.a aVar2 = wa.a.f10349q;
            va.c p10 = va.c.p(aVar2, sVar instanceof v ? null : va.c.r(sVar));
            if (x509Certificate2 != null && p10.equals(va.c.p(aVar2, x509Certificate2.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate2;
            }
            if (x509Certificate != null && p10.equals(va.c.p(aVar2, x509Certificate.getSubjectX500Principal().getEncoded()))) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static boolean g(i iVar, X509Certificate x509Certificate, lc.b bVar) {
        s sVar = iVar.X;
        va.c cVar = null;
        byte[] bArr = sVar instanceof v ? ((v) sVar).X : null;
        if (bArr != null) {
            return Arrays.equals(bArr, b(bVar.f("SHA1"), x509Certificate.getPublicKey()));
        }
        wa.a aVar = wa.a.f10349q;
        if (!(sVar instanceof v)) {
            cVar = va.c.r(sVar);
        }
        return va.c.p(aVar, cVar).equals(va.c.p(aVar, x509Certificate.getSubjectX500Principal().getEncoded()));
    }

    /* JADX WARN: Unreachable blocks removed: 6, instructions: 6 */
    public static boolean h(pa.a aVar, f fVar, byte[] bArr, X509Certificate x509Certificate, lc.b bVar) {
        try {
            a0 a0Var = aVar.f8394x0;
            Signature b4 = bVar.b(e(aVar.Y));
            X509Certificate f10 = f(aVar, (X509Certificate) fVar.f6597f, x509Certificate, bVar);
            if (f10 == null && a0Var == null) {
                throw new CertPathValidatorException("OCSP responder certificate not found");
            }
            if (f10 != null) {
                b4.initVerify(f10.getPublicKey());
            } else {
                X509Certificate x509Certificate2 = (X509Certificate) bVar.h("X.509").generateCertificate(new ByteArrayInputStream(a0Var.G(0).h().getEncoded()));
                x509Certificate2.verify(((X509Certificate) fVar.f6597f).getPublicKey());
                x509Certificate2.checkValidity(fVar.a());
                if (!g(aVar.X.Z, x509Certificate2, bVar)) {
                    throw new CertPathValidatorException("responder certificate does not match responderID", null, (CertPath) fVar.f6596e, fVar.f6594b);
                }
                List<String> extendedKeyUsage = x509Certificate2.getExtendedKeyUsage();
                if (extendedKeyUsage == null || !extendedKeyUsage.contains(xa.v.Y.X.X)) {
                    throw new CertPathValidatorException("responder certificate not valid for signing OCSP responses", null, (CertPath) fVar.f6596e, fVar.f6594b);
                }
                b4.initVerify(x509Certificate2);
            }
            b4.update(aVar.X.o("DER"));
            if (!b4.verify(aVar.Z.E())) {
                return false;
            }
            if (bArr != null && !Arrays.equals(bArr, aVar.X.f8400x1.p(d.f8397b).Z.X)) {
                throw new CertPathValidatorException("nonce mismatch in OCSP response", null, (CertPath) fVar.f6596e, fVar.f6594b);
            }
            return true;
        } catch (IOException e10) {
            throw new CertPathValidatorException(com.llamalab.automate.stmt.a.g(e10, s0.k("OCSP response failure: ")), e10, (CertPath) fVar.f6596e, fVar.f6594b);
        } catch (CertPathValidatorException e11) {
            throw e11;
        } catch (GeneralSecurityException e12) {
            StringBuilder k10 = s0.k("OCSP response failure: ");
            k10.append(e12.getMessage());
            throw new CertPathValidatorException(k10.toString(), e12, (CertPath) fVar.f6596e, fVar.f6594b);
        }
    }

    @Override // xb.l
    public final void a(f fVar) {
        this.Z = fVar;
        this.f8200x0 = yd.f.b("ocsp.enable");
        this.f8201y0 = yd.f.a("ocsp.responderURL");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public final pa.b c(xa.b bVar, xa.i iVar, p pVar) {
        try {
            MessageDigest f10 = this.Y.f(lc.c.a(bVar.X));
            return new pa.b(bVar, new j1(f10.digest(iVar.Y.C1.o("DER"))), new j1(f10.digest(iVar.Y.D1.Y.E())), pVar);
        } catch (Exception e10) {
            throw new CertPathValidatorException("problem creating ID: " + e10, e10);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:117:0x044e, code lost:
    
        if (r2.X.equals(r4.X.X) != false) goto L173;
     */
    /* JADX WARN: Code restructure failed: missing block: B:193:0x0268, code lost:
    
        r15 = r6;
        r11 = pa.f.p(r8.toByteArray());
     */
    /* JADX WARN: Code restructure failed: missing block: B:195:0x0279, code lost:
    
        if (r11.X.X.F() != 0) goto L118;
     */
    /* JADX WARN: Code restructure failed: missing block: B:196:0x027b, code lost:
    
        r1 = pa.j.p(r11.Y);
     */
    /* JADX WARN: Code restructure failed: missing block: B:197:0x0289, code lost:
    
        if (r1.X.w(pa.d.f8396a) == false) goto L102;
     */
    /* JADX WARN: Code restructure failed: missing block: B:198:0x029f, code lost:
    
        r5 = r15;
        r1 = false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:199:0x02a2, code lost:
    
        if (r1 == false) goto L115;
     */
    /* JADX WARN: Code restructure failed: missing block: B:200:0x02a4, code lost:
    
        r1 = oc.e.f7922a.get(r3);
     */
    /* JADX WARN: Code restructure failed: missing block: B:201:0x02ac, code lost:
    
        if (r1 == null) goto L107;
     */
    /* JADX WARN: Code restructure failed: missing block: B:202:0x02ae, code lost:
    
        r1.get().put(r4, r11);
     */
    /* JADX WARN: Code restructure failed: missing block: B:203:0x02b8, code lost:
    
        r1 = new java.util.HashMap();
        r1.put(r4, r11);
        oc.e.f7922a.put(r3, new java.lang.ref.WeakReference<>(r1));
     */
    /* JADX WARN: Code restructure failed: missing block: B:206:0x0301, code lost:
    
        throw new java.security.cert.CertPathValidatorException("OCSP response failed to validate", null, (java.security.cert.CertPath) r5.f6596e, r5.f6594b);
     */
    /* JADX WARN: Code restructure failed: missing block: B:209:0x0293, code lost:
    
        r5 = r15;
     */
    /* JADX WARN: Code restructure failed: missing block: B:211:0x0294, code lost:
    
        r1 = h(pa.a.p(r1.Y.X), r5, r13, r7, r9);
        r5 = r5;
     */
    /* JADX WARN: Code restructure failed: missing block: B:212:0x02ee, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:215:0x0299, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:216:0x029a, code lost:
    
        r5 = r15;
     */
    /* JADX WARN: Code restructure failed: missing block: B:217:0x0302, code lost:
    
        r1 = new java.lang.StringBuilder();
        r1.append("OCSP responder failed: ");
        r2 = r11.X.X;
        r2.getClass();
        r1.append(new java.math.BigInteger(r2.X));
     */
    /* JADX WARN: Code restructure failed: missing block: B:218:0x0331, code lost:
    
        throw new java.security.cert.CertPathValidatorException(r1.toString(), null, (java.security.cert.CertPath) r15.f6596e, r15.f6594b);
     */
    /* JADX WARN: Code restructure failed: missing block: B:219:0x0332, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x016b, code lost:
    
        if (r11 != null) goto L218;
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v35, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r3v27, types: [byte[], java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v19 */
    /* JADX WARN: Type inference failed for: r5v20, types: [k0.f] */
    /* JADX WARN: Type inference failed for: r5v30 */
    /* JADX WARN: Type inference failed for: r5v31, types: [int] */
    /* JADX WARN: Type inference failed for: r5v35 */
    /* JADX WARN: Type inference failed for: r5v36 */
    /* JADX WARN: Type inference failed for: r5v37, types: [k0.f] */
    /* JADX WARN: Type inference failed for: r5v42 */
    /* JADX WARN: Type inference failed for: r5v43 */
    @Override // xb.l
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void check(java.security.cert.Certificate r23) {
        /*
            Method dump skipped, instructions count: 1327
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.b.check(java.security.cert.Certificate):void");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public final xa.i d() {
        try {
            return xa.i.p(((X509Certificate) this.Z.f6597f).getEncoded());
        } catch (Exception e10) {
            String g10 = ac.c.g(e10, s0.k("cannot process signing cert: "));
            f fVar = this.Z;
            throw new CertPathValidatorException(g10, e10, (CertPath) fVar.f6596e, fVar.f6594b);
        }
    }
}
